my php code doesn't validate data with mysql - php

I hav a Php code. It connects with the server and database, but it does not validate my form data with mysql database table. I hav same exact code which executes, but the following does not execute.........
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['user'])!="")
{
header("Location: welcome.html");
}
if(isset($_POST['Submit']))
{
$name = $_POST['loginName'];
$upass = $_POST['loginPass'];
$res=mysql_query("SELECT * FROM authen WHERE name='$name'");
$row=mysql_fetch_array($res);
if($row['passwrd']==$upass)
{
$_SESSION['user'] = $row['user_id'];
header("Location: welcome.html");
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- JavaScript includes
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script> -->
<script src="assets/js/jquery-1.11.3.min.js"></script>
<script src="assets/js/jquery-ui-1.10.4.js"></script>
<script src="assets/js/script.js"></script>
<meta charset="utf-8" />
<link rel="stylesheet" href="assets/css/styles.css" />
<link rel="stylesheet" href="assets/css/jquery.fancybox.css" />
</head>
<body>
<div id="formContainer">
<form id="login" method="post">
<p id="lgnfrm">Login Form</p>
<input type="text" name="loginName" id="loginName" placeholder="User Name" required />
<input type="password" name="loginPass" id="loginPass" placeholder="password" required />
<input type="submit" name="Submit" id="sub" value="Login" />
</form>
</div>
<footer>
</footer>
</body>
</html>
I hav modified the code as directed but still i get the same response, i.e nothing happens
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['user']) && $_SESSION['user'] != "")
{
header("Location: welcome.html");
}
if(isset($_POST['Submit']))
{
$name = mysql_real_escape_string($_POST['loginName']);
$upass = mysql_real_escape_string($_POST['loginPass']);
$res=mysql_query("SELECT * FROM authen WHERE name='$name'");
$row=mysql_fetch_array($res);
if($row['passwrd']==md5($upass))
{
$_SESSION['user'] = $row['user_id'];
header("Location: welcome.html");
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- JavaScript includes
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script> -->
<script src="assets/js/jquery-1.11.3.min.js"></script>
<script src="assets/js/jquery-ui-1.10.4.js"></script>
<script src="assets/js/script.js"></script>
<meta charset="utf-8" />
<link rel="stylesheet" href="assets/css/styles.css" />
<link rel="stylesheet" href="assets/css/jquery.fancybox.css" />
</head>
<body>
<div id="formContainer">
<form id="login" method="post">
<p id="lgnfrm">Login Form</p>
<input type="text" name="loginName" id="loginName" placeholder="User Name" required />
<input type="password" name="loginPass" id="loginPass" placeholder="password" required />
<input type="submit" name="Submit" id="sub" value="Login" />
</form>
</div>
<footer>
</footer>
</body>
</html>


isset returns boolean
your code should be
if(isset($_SESSION['user']) && $_SESSION['user'] != "")
{
header("Location: welcome.html");
exit;
}
Or
if(!empty($_SESSION['user']))
{
header("Location: welcome.html");
exit;
}


Do following changes in your first code
if(isset($_SESSION['user']) && !empty($_SESSION['user']))
{
header("Location: welcome.html");
}
hope this helps!!,please comment for further queries

Related

Can't access session variables in php

I'm trying to use session variable $_SESSION['name'] on the second page i.e review.php.
but it gives me nothing on the second page.How to use Session variable on the second page?
This is index.php
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','review');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$_SESSION['name'] = $id;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form action="review.php">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>
here is review.php
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','review');
if(isset($_SESSION['name']))
{
echo $_SESSION['name'];
}
else{
echo "nothing";
}
?>

You have 2 problem:
You send submitted form to review.php, so you should read form data in review.php
You did not set form method. As default method is GET, but you read $_POST variable. (What is the default form HTTP method?)
So you should change index.php as follow:
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','review');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$_SESSION['name'] = $id;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form method="post">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>

Why I am not getting the value of a variable in the following codes?

I have a login form through which a user can login to the website. I am checking whether the username and password match or not. If it matches, the user will be redirected to the Website, but if it doesn't match, an error message will be shown on the upper part of a form.
For this, I am storing the error message in a variable and then printing it to the upper part of the form. But it is not getting the value of the variable. Codes are as follows:
<?php
$link = mysqli_connect("localhost", "root", "", "youtube_project");
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Login Form</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login">
<div class="login-triangle"></div>
<h2 class="login-header">Log in</h2>
<form class="login-container" name="form1" action="" method="post">
<p style="color:red;"><?php if(isset($msg)){ echo $msg; } //Printing error msg, but couldn't get it ?></p>
<p><input type="text" placeholder="Username" name="username" required></p>
<p><input type="password" placeholder="Password" name="pwd" required></p>
<p><input type="submit" name="submit1" value="Log in"></p>
</form>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<?php
if(isset($_POST['submit1'])){
$username = mysqli_real_escape_string($link, $_POST['username']);
$pwd = mysqli_real_escape_string($link, $_POST['pwd']);
$sql = mysqli_query($link, "SELECT * FROM admin_login WHERE username='$username' && password='$pwd'");
if(mysqli_num_rows($sql) >= 1){
?>
<script type="text/javascript">
window.location="demo.php";
</script>
<?php
} else {
$msg = "Invalid Username/Password combination"; //Storing error msg
}
}
?>
</body>
</html>

You need to move your PHP code at the top so that the variable $msg gets set or unset.
Below is the formatted updated code:
<?php
$link = mysqli_connect("localhost", "root", "", "youtube_project");
if(isset($_POST['submit1'])){
$username = mysqli_real_escape_string($link, $_POST['username']);
$pwd = mysqli_real_escape_string($link, $_POST['pwd']);
$sql = mysqli_query($link, "SELECT * FROM admin_login WHERE username='$username' AND password='$pwd'");
if(mysqli_num_rows($sql) >= 1){
?>
<script type="text/javascript">
window.location="demo.php";
</script>
<?php
} else {
$msg = "Invalid Username/Password combination"; //Storing error msg
}
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>
Login Form
</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login">
<div class="login-triangle">
</div>
<h2 class="login-header">
Log in
</h2>
<form class="login-container" name="form1" action="" method="post">
<p style="color:red;">
<?php if(isset($msg)){ echo $msg; } //Printing error msg, but couldn't get it ?></p>
<p>
<input type="text" placeholder="Username" name="username" required>
</p>
<p>
<input type="password" placeholder="Password" name="pwd" required>
</p>
<p>
<input type="submit" name="submit1" value="Log in">
</p>
</form>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
</body>
</html>
I would recommend you never store plain text passwords! Please use PHP's built-in functions to handle password security.
You are wide open to SQL Injections too and should really use Prepared Statements.

I hope it can help
<?php
$link = mysqli_connect("localhost", "root", "", "youtube_project");
if(isset($_POST['submit1'])){
$username = mysqli_real_escape_string($link, $_POST['username']);
$pwd = mysqli_real_escape_string($link, $_POST['pwd']);
$sql = mysqli_query($link, "SELECT * FROM admin_login WHERE username='$username' && password='$pwd'");
if(mysqli_num_rows($sql) >= 1){
?>
<script type="text/javascript">
window.location="demo.php";
</script>
<?php
} else {
$msg = "Invalid Username/Password combination"; //Storing error msg
}
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Login Form</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login">
<div class="login-triangle"></div>
<h2 class="login-header">Log in</h2>
<form class="login-container" name="form1" action="" method="post">
<p style="color:red;"><?php if(isset($msg)){ echo $msg; } //Printing error msg, but couldn't get it ?></p>
<p><input type="text" placeholder="Username" name="username" required></p>
<p><input type="password" placeholder="Password" name="pwd" required></p>
<p><input type="submit" name="submit1" value="Log in"></p>
</form>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
</body>
</html>

You have to initialized the php variable first before display it.so you have to write the php part on the top.
<?php
$link = mysqli_connect("localhost", "root", "", "youtube_project");
?>
<?php
if(isset($_POST['submit1'])){
$username = mysqli_real_escape_string($link, $_POST['username']);
$pwd = mysqli_real_escape_string($link, $_POST['pwd']);
$sql = mysqli_query($link, "SELECT * FROM admin_login WHERE username='$username' && password='$pwd'");
if(mysqli_num_rows($sql) >= 1){
?>
<script type="text/javascript">
window.location="demo.php";
</script>
<?php
} else {
$msg = "Invalid Username/Password combination"; //Storing error msg
}
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Login Form</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login">
<div class="login-triangle"></div>
<h2 class="login-header">Log in</h2>
<form class="login-container" name="form1" action="" method="post">
<p style="color:red;"><?php if(isset($msg)){ echo $msg; } //Printing error msg, but couldn't get it ?></p>
<p><input type="text" placeholder="Username" name="username" required></p>
<p><input type="password" placeholder="Password" name="pwd" required></p>
<p><input type="submit" name="submit1" value="Log in"></p>
</form>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
</body>
</html>

PHP produces a blank webpage

When ever I use this piece of PHP, it makes the webpage blank (white) and does not show anything. Here is my code:
<?php
if(isset($_POST['submit'])){
//
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
//include database connection
include('../includes/db_connect.php');
if(empty($user) || empty($pwrd)){
echo 'Missing information';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=9" />
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
</head>
<body>
<div id="container">
<form action="Login.php" mthod="post">
<p>
<label>Username</label><input type="text" name="username" />
</p>
<p>
<label>Password</label><input type="password" name="pwrd" />
</p>
<input type="submit" name="submit" value="logIn" />
</form>
</div>
</body>
</html>
After testing different pieces of the PHP code, I have noticed only this code make the page blank
if(empty($user) || empty($pwrd)){
echo 'Missing information';
}
?>
Is this possibly something to do with Apache, or is there something wrong with my PHP?

There are following problem:-
your first if bracket is not closed. So closed it.
your form method is not correct. Spelling mistake:-
So the correct code is here :-
<?php
if(isset($_POST['submit'])){
//
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
//include database connection
include('../includes/db_connect.php');
if(empty($user) || empty($pwrd)){
echo 'Missing information';
}
}// missing
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=9" />
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
</head>
<body>
<div id="container">
<form action="Login.php" method="post"> // method is written mthod
<p>
<label>Username</label><input type="text" name="username" />
</p>
<p>
<label>Password</label><input type="password" name="pwrd" />
</p>
<input type="submit" name="submit" value="logIn" />
</form>
</div>
</body>
</html>
Output:- before submit :- http://prntscr.com/74xhb7
After submit :- http://prntscr.com/74xhmm
Note:- the bracket that i said you to close you can close it based on your convinence. Thanks.
Also don't panic with error you seen in second screenshot. It's because i am not having included files at my end.

Changing a welcome message from full name to just username (PHP)

I'm very new to web developing and PHP. I'm creating a website with a member area and would like to display a Welcome "username" message. In my actual code there is a Welcome message displaying the Full Name of user. Can someone help me here? Below I'm pasting the code I'm using for my login.php and login-home.php (member's area). Thank you
login.php
<?PHP
require_once("./include/membersite_config.php");
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
$fgmembersite->RedirectToURL("login-home.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
<title>Login</title>
<link rel="STYLESHEET" type="text/css" href="style/fg_membersite.css" />
<script type='text/javascript' src='scripts/gen_validatorv31.js'></script>
</head>
<body>
<!-- Form Code Start -->
<div class="logo_container"></div>
<div class='splash-container'>
<div id='fg_membersite'>
<form id='login' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'>
<fieldset >
<legend>Orcaly</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>
<div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div>
<div class='container'>
<label for='username' ></label><br/>
<input type='text' placeholder="UserName"name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username') ?>' maxlength="50" /><br/>
<span id='login_username_errorloc' class='error'></span>
</div>
<div class='container'>
<label for='password' ></label><br/>
<input type='password' placeholder="Password" name='password' id='password' maxlength="50" /><br/>
<span id='login_password_errorloc' class='error'></span>
</div>
<div class='container'>
<input type='submit' name='Submit' value='Submit' />
</div>
<div class='short_explanation'><a href='reset-pwd-req.php'>Forgot Password?</a></div>
<div class='register'><a href='register.php'>Register</a></div>
</fieldset>
</form>
<!-- client-side Form Validations:
Uses the excellent form validation script from JavaScript-coder.com-->
<script type='text/javascript'>
// <![CDATA[
var frmvalidator = new Validator("login");
frmvalidator.EnableOnPageErrorDisplay();
frmvalidator.EnableMsgsTogether();
frmvalidator.addValidation("username","req","Please provide your username");
frmvalidator.addValidation("password","req","Please provide the password");
// ]]>
</script>
</div>
</div>
<!--
Form Code End (see html-form-guide.com for more info.)
-->
</body>
</html>
login-home.php
<?PHP
require_once("./include/membersite_config.php");
if(!$fgmembersite->CheckLogin())
{
$fgmembersite->RedirectToURL("login.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
<title>Home page</title>
<link rel="STYLESHEET" type="text/css" href="style/fg_membersite.css">
</head>
<body>
<div class="logo_container"></div>
<div class='splash-container'>
<div id='fg_membersite'>
<fieldset>
<legend>Home Page</legend>
<div class='confirmation'>Welcome back <?= $fgmembersite->UserFullName(); ?>!</div>
<div class='confirmation'><a href='change-pwd.php'>Change password</a></div>
<div class='register'><a href='access-controlled.php'>A sample 'members-only' page</a></div>
<br>
<div class='register'><a href='logout.php'>Logout</a></div>
</fieldset>
</div>
</div>
</body>
</html>

The simple answer is you need to change this line of code:
<div class='confirmation'>Welcome back <?= $fgmembersite->UserFullName(); ?>!</div>
So that $fgmembersite->UserFullName(); becomes a variable that holds your username or a function that returns your username. Right now it is a function that returns the user's full name.
This might be a little bit beyond your current skills at programming. One thing that is very simple and feasible is to store the username as a session variable when the user logs in. Then you can replace $fgmembersite->UserFullName(); with $_SESSION["username"] or whatever you descide to call it.
Alternatively you can define your own function to return the username, or if the username isn't available for some reason, some other value (which is slightly better design).

PHP code not Re-directing

what is the problem in this code...??? it is not redirecting to the other page but stay on the login.php page (Blank Page)... Database are all correct...
can someone help me on this code...
your help is much appreciated...
<?
require_once('include/config.php');
require_once('include/functions.php');
session_start();
session_destroy();
$message="";
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$md5_password=md5($_POST['password']); // Encrypt password with md5() function.
mysql_select_db("$db", $con);
$result=mysql_query("select * from staff where stf_username='$username' and stf_password='$md5_password'");
$sql =mysql_query("select stf_level from staff where stf_username='$username'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username");
while($row = mysql_fetch_array($sql))
{
//echo $row['level'] . " ";
if($row['stf_level'] == 1){
header("location:admin/index.php");
}
elseif($row['stf_level'] == 2){
header("location:cashier/index.php");
}
elseif($row['stf_level'] == 3){
header("location:waiter/index.php");
}
elseif($row['stf_level'] == 4){
header("location:kitchen/index.php");
}
}
//header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}
} // End Login authorize check.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<meta name="description" content="Description" />
<meta name="keywords" content="Keywords" />
<meta name="author" content="Aafrin" />
<title>iCafe Login</title>
<link rel="stylesheet" type="text/css" href="style.css" />
<link rel="stylesheet" type="text/css" href="css/keyboard.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="js/keyboard.js"></script>
</head>
<body>
<div id="wrapper">
<div id="loginPanel">
<img class="image" alt="" src="images/logo.png" width="220" height="120" />
<div id="error"><? echo $message; ?></div>
<form id="form" name="form" method="post" action="<? echo $PHP_SELF; ?>">
<label>Username :</label>
<input type="text" name="username" class="keyboardInput" />
<label>Password :</label>
<input type="password" name="password" class="keyboardInput" />
<input name="Login" type="submit" id="Login" value="Login" class="submit" />
<!--
<input type="submit" value="Submit" name="submit" class="submit" />
-->
</form>
<div id="footer">
XYZ © 2012 - All Rights Reserver | Powered By Kesavan
</div>
</div>
<!--
<div id="details">
<p>Login Details</p>
Admin : admin
<br />
Waiter : waiter
<br />
Kitchen : kitchen
<br />
Cashier : cash
</div>
-->
</body>
</html>

try #header("") may be you have an error. Why dont you save all the location in a variable and pass the variable to the header function?
if($x=1){$loc="admin/index.php"}
if($x=2){$loc="staff/index.php"}
if($x=3){$loc="manager/index.php"}
#header('location:$loc')

i think you should put space after the :
it will be like
header("location: cashier/index.php");

Categories