I am creating a login page using PHP and Mysqli database, I wrote the query, however mysqli_num_rows() give me an error when value is given. PS: I did this in Object Oriented Format
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "customerdb";
$connection = #new mysqli($host, $user, $pass, $db);
if ($connection->connect_errno) {
die("Connection failed!");
exit();
}
if (isset($_POST['submit'])) {
$username = $connection->real_escape_string($_POST['username']);
$password = $connection->real_escape_string($_POST['password']);
$script = "SELECT * FROM customer_management WHERE
customer_management.Username='".$username."'AND WHERE customer_management_Password='".$password."'";
$result = $connection->query($script, MYSQLI_USE_RESULT);
$check = $result->num_rows;
if ($check >= 1){
echo "Welcome to this website";
}
else{
echo"Sorry but your input is incorrect!";
}
}
?>
<!DCOTYPE html>
<html lang='en'>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Page</title>
</head>
<body>
<h1>Login Page</h1>
<form method="post" action="login.php">
<input type="text" placeholder = 'username' name="username" /><br /><br />
<input type="password" placeholder="password" name="password" /><br /><br />
<input type="submit" name="submit" value="Log In" />
</form>
</body>
</html>
Change customer_management_Password to customer_management.Password in your query.
Related
I am new to PHP and was following a login_registration script the registration process works fine and the user is added to the database, however, when I try to log in it shows error I checked php.error log on wamp server and it says this,
PHP 1. {main}() C:\wamp64\www\php\login_register_system\login.php:0
Here is my code
connect.inc.php
<?php
//$conn_error = "could not connect";
$mysql_host= "localhost";
$mysql_user = "root";
$mysql_pass ="";
$mysql_db ="a_database";
$conn = mysqli_connect($mysql_host,$mysql_user,$mysql_pass,$mysql_db);
/*if(!mysqli_connect($mysql_host,$mysql_user,$mysql_pass) && !mysqli_select_db($mysql_db)){
die($conn_error);
}
*/
if(!$conn){
die("Connection failed: ". mysqli_connect_error());
}
?>
registration.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Registartion</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
require "connect.inc.php";
if(isset($_REQUEST["username"])){
$username =stripslashes($_REQUEST["username"]);
$username =mysqli_real_escape_string($conn,$username);
$email =stripslashes($_REQUEST["email"]);
$email =mysqli_real_escape_string($conn,$email);
$password =stripslashes($_REQUEST["password"]);
$password =mysqli_real_escape_string($conn,$password);
$trn_date = date("Y-m-d H:i:s");
$query ="INSERT INTO `users2` (username,password,email,trn_date) VALUES('$username','".md5($password)."','$email','$trn_date')";
$result =mysqli_query($conn,$query);
if($result){
echo "<div class='form'>
<h3>You are registered succesfully</h3><br>
Click here to <a href='login.php'>Log in</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Registration</h1>
<form name="registration" action ="registration.php" method="post">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="text" name ="email" placeholder ="Email" required/>
<input type="password" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Register"/>
</form>
</div><!--form-->
<?php } ?>
</body>
</html>
login.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Login</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
//ini_set('display_errors','1');
//error_reporting(E_ALL);
require "connect.inc.php";
session_start();
if(isset($_POST["username"])){
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$username = mysqli_real_escape_string($conn,$password);
$query ="SELECT * FROM `users` WHERE username ='$username' and password ='".md5($password)."' ";
$result =mysqli_query($conn,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION["username"] = $username;
header("Location: index.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect</h3><br>
Click here to <a href='login.php'>Login</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Login </h1>
<form action="login.php" method="post" name="login">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="passowrd" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Login"/>
</form>
</div>
<?php } ?>
</body>
</html>
logout.php
<?php
session_start();
if(session_destroy()){
header("Location: login.php");
}
?>
index.php
<?php
include("auth.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Welcome home</title>
</head>
<body>
<div class="form">
<p>Welcome <?php echo $_SESSION["username"];?></p>
<p>This is secure area</p>
Logout
</div>
</body>
</html>
Any help will be highly appreciated. Thanks.
Do note this is just for learning the purpose. I know there are flaws but please be easy.
Just change this,
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$password =stripslashes($_REQUEST["password"]);
$password = mysqli_real_escape_string($conn,$password);
to the following,
$username = stripslashes($_REQUEST['username']);
$username = mysqli_real_escape_string($conn, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($conn, $password);
I hope you have only one user related to the entered credentials in the database. Hope this helps you!
thanks i got it resolved..problem was this line $query ="SELECT * FROM users WHERE username ='$username' and password ='".md5($password)."' "; in login.php..
correct should be this
$query ="SELECT * FROM `users2` WHERE username ='$username' and password ='".md5($password)."' ";
i was checking data in users table whereas i registered in users2 table..as i had many tables that created confusion
I am trying to create PHP form data insert in SQL but getting error.
Even when I write code same to same but I'm still getting an error.
<?php
$un = $_POST['uname'];
$em = $_POST['email1'];
//with or what out these bellow variables
$host = "localhost";
$username = "admin";
$password = "admin";
$database = "test1";
$db = mysqli_connect('$host','$username','$password','$database');
$query = "INSERT INTO users ('username','password') VALUES ('$un','$em')";
$rs = mysqli_query($db,$query);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Form Registration</title>
</head>
<body>
<form action="server1.php" method="post">
<label>Name</label>
<input type="text" name="uname" required="required">
<label>Email</label>
<input type="email" name="email1" required="required">
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
The error was "" just inverted comma's, now its works perfectly.
<?php
$un = $_POST['uname'];
$em = $_POST['email1'];
$host = "localhost";
$username = "admin";
$password = "admin";
$database = "test1";
$con = mysqli_connect ("$host","$username","$password","$database");
$query = "insert into users (username,email) values ('$un','$em')";
$run = mysqli_query ($con,$query);
if ($run=TRUE){
echo 'Data Submitted Successfuly';
}
else {
echo 'Error';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Form Registration</title>
</head>
<body>
<form action="server1.php" method="post">
<label>Name</label>
<input type="text" name="uname" required="required">
<label>Email</label>
<input type="email" name="email1" required="required">
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
You can try this way.
$db = mysqli_connect($host, $username, $password) or die ('Unable to connect');
mysqli_select_db($db, $database) or die('Unable to select DB');
I have a basic login where the code redirects the user to a page (google.com at the moment). How do I make it so that the page it redirects you to is only accessible if the user is logged in (they can't just type the URL and access the page). I understand that you have to use session start but have read around and cannot come up with a solution.
login.php
<?php
error_reporting(E_ALL | E_STRICT);
$servername = "localhost";
$serverUsername = "root";
$serverPassword = "";
// Create connection
$conn = new mysqli($servername, $serverUsername, $serverPassword, "users");
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
$loginError = "";
if (isset($_POST["submit"])) {
$username = $conn->real_escape_string($_POST["username"]);
$stmt = $conn->prepare("SELECT Password FROM user_logons WHERE Username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->bind_result($password);
$stmt->execute();
$stmt->fetch();
$stmt->close();
if (password_verify($_POST['password'], $password)) {
header("Location: https://google.com/");
}
else {
$loginError = "Invalid username or password!";
}
}
mysqli_close($conn);
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<h2>Login Test</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Username: <input type="text" name="username">
<br><br>
Password: <input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Submit">
<span class = "error"><?php echo $loginError; ?></span>
</form>
</body>
</html>
login.php
<?php
error_reporting(E_ALL | E_STRICT);
$servername = "localhost";
$serverUsername = "root";
$serverPassword = "";
// Create connection
$conn = new mysqli($servername, $serverUsername, $serverPassword, "users");
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
$loginError = "";
if (isset($_POST["submit"])) {
$username = $conn->real_escape_string($_POST["username"]);
$stmt = $conn->prepare("SELECT Password FROM user_logons WHERE Username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->bind_result($password);
$stmt->execute();
$stmt->fetch();
$stmt->close();
if (password_verify($_POST['password'], $password)) {
session_start();
$_SESSION["loggedIn"] = "true";
header("Location: redirect.php");
}
else {
$loginError = "Invalid username or password!";
}
}
mysqli_close($conn);
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<h2>Login Test</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Username: <input type="text" name="username">
<br><br>
Password: <input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Submit">
<span class = "error"><?php echo $loginError; ?></span>
</form>
</body>
</html>
redirect.php
<?php
error_reporting(E_ALL | E_STRICT);
session_start();
if(!empty($_SESSION['loggedIn'])) {
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
</style>
</head>
<body>
<h1>Welcome User<h1>
</body>
</html>
<?php
}
else {
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<h1 align = "center">Unfortunately, you will need to be logged in to view this section!<h1>
<p align = "center">To return to the login page Click Here</p>
</body>
</html>
<?php
}
session_destroy();
?>
I am trying to set up a login system but the page is not doing the validation of the user and passwors. I know is connecting to the database but it doesn't show any results after the for each statement.
I have two files one for the login form(login.php) and one for the login to the database(process.php).
Here is my code:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>Login Page</title>
</head>
<body>
<div>
<form action="process.php" method="POST">
<p>
<label>Username:</label>
<input type="text" id="user" name="user">
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass">
</p>
<p>
<label>Username:</label>
<input type="submit" id="btn" value="Login">
</p>
</form>
</div>
</body>
</html>
Process.php
<?php
//Get values from login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//Stop SQL injection
/* $username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//Connect to the server and select database
$domainsn = 'mysql:host=localhost;dbname=login';
$username = 'root';
$password = 'costarica';
try {
$db = new PDO ($domainsn, $username, $password);
echo "Connected";
} catch (Exception $e) {
$error_message = $e->getMessage();
echo "Coudn't connect due to $error_message";
}
$query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'";
$result = $db->query($query);
//echo "$result";
foreach ($result as $results) {
echo "$results";
echo $users['id'];
if ($results['username'] == $username && $results['password'] == $password) {
echo "Login success!!! Welcome ".$results['username'];
} else {
echo "failed try {} catch ( $e) {}";
}
}
?>`enter code here`
You can use this i hope it will help.
$query = "SELECT * FROM users WHERE username = '".$username."' AND password ='".$password."' ";
$result = $db->query($query);
if($result->num_rows>0){
// User exists
}else{
// User not exists.
}
Im getting a interesting error message. It says that my $databaseConnection is considered a non object in my script. But this script works perfectly fine on my test server. Any idea why pdo would consider my $databaseConnection a non object?
PHP Fatal error: Call to a member function prepare() on a non-object in /nas/content/live/inboundpro/leadportal/index.php on line 35
<?php
session_start();
//DB configuration Constants
define('_HOST_NAME_', '162.242.221.151;3306');
define('_USER_NAME_', '*****');
define('_DB_PASSWORD', '*****');
define('_DATABASE_NAME_', '*****');
$user = '*****';
$pass = '*****';
//PDO Database Connection
try {
$databaseConnection = new PDO('mysql:host=162.242.221.151;dbname=wp_inboundpro', $user, $pass);
$databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if(isset($_POST['submit'])){
$errMsg = '';
//username and password sent from Form
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($username == '')
$errMsg .= 'You must enter your Username<br>';
if($password == '')
$errMsg .= 'You must enter your Password<br>';
if($errMsg == ''){
$records = $databaseConnection->prepare('SELECT id,username,password,hash FROM tbl_users WHERE username = :username');
$records->bindParam(':username', $username);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if(count($results) > 0 && password_verify($password, $results['hash'])){
$_SESSION['username'] = $results['username'];
$_SESSION['logged_in'] = true;
header('location:dashboard.php');
exit;
}else{
$errMsg .= 'Username and Password are not found<br>';
}
}
}
?>
<html>
<head>
<meta name="robots" content="noindex">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="viewport" content="width=device-width">
<title>Login Page PHP Script</title>
<link href="css/index.css" rel="stylesheet" type="text/css">
</head>
<html>
<body>
<div class="front">
<div class="center">
<div class="LoginPortal">
<?php
if(isset($errMsg)){
echo '<div style="color:#FF0000;text-align:center;font-size:12px;background-color:white;padding-top:5px;padding-bottom:5px;">'.$errMsg.'</div>';
}
?>
<form action="" method="post">
<div class="formTop"><img src="images/IP_Logo_SOLO.png"></div>
<div class="Formcenter">
<input type="text" name="username" class="box" placeholder="USERNAME"/>
<input type="password" name="password" class="box" placeholder="PASSWORD"/><br />
<input type="submit" name='submit' value="Submit" class='submit'/>
</div>
</form>
</div><!-- close center -->
</div>
</div>
</body>
</html>
Any prob in the correct direction would be awesome. I'm a beginner at PDO