mysql_query("INSERT INTO... is not working - php

I'm trying to create a registration page. The page is successfully connected to phpMyAdmin database but it does not echo anything when i click the register button.
<html>
<head>
</head>
<body>
<?php
INCLUDE "connect.php";
INCLUDE "functions.php";
INCLUDE "titlebar.php";
?>
<div id="loginform">
<h1>Register</h1>
<form name="Register" action="register.php" method="post">
<?php
if(isset($POST["submit"])){
$username = $_POST["username"];
$password = md5 ($_POST["password"]);
if(empty($username) or empty($password)){
echo "<p>Fields Empty!</p>";
} else {
mysql_query("INSERT INTO login VALUES('',$username','$password','2','')");
echo "<p>Successfully Registered!</p>";
}
}
?>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username"/></p><p>
<label for="password">Password: </label>
<input type="password" name="password" id="password"/></p><p>
<input type="submit" name="submit" value="Register" />
</p>
</form>
</div>
</body>


The problem is with the post method.
use $_POST instead of $POST


You have mysql error
Not: $username'
but '$username'
And next time display mysql errors with mysql_error().


At the beginning, I am not sure what isset($_POST['submit'] should return, but as already mentioned in the comments you missed a single quote.
Additionaly i would use:
$password = password_hash($_POST['password'],
md5 is deprecated and thus not safe. If you write a login script you can use password_verify(plainPW, hashPW)
You also need to specify a database and login into it. I recommend to look at the W3 Schools examples they are very in-depth and have good examples.
W3 school mysqli page
also write a die() at the end of your script and do not foregt to close the connection.

Related

Possible stupid error! IF statement not running?

A little context, the registration part works fine, however I want to now add a login system. I want to test to see if the username exists but this isn't working.
Can anyone spot the error here?
Feel free to check it on a server over here - it's a WIP so there's still lots to do. The username "Lewis" is currently entered into the database for testing purposes.
As you can see, after the form has been filled etc. none of the echo statements run, in fact, even if an echo is put directly below the first 'IF' statement, it still doesn't print, so what is the problem? I've also tried changing the IF to:
if($_SERVER['REQUEST_METHOD'] == 'POST'){
Still no luck.
PHP:
//error_reporting(E_ALL);
//ini_set('display_errors', TRUE);
require 'vdb_includes/db.php';
require 'functions.php';
if(!empty($_POST['username']) && !empty($_POST['pw'])){
$verifyUsername = $_POST['username'];
$verifyPassword = $_POST['pw'];
$usernameCheck = mysqli_query($con, "SELECT * FROM users WHERE username='".$verifyUsername."'");
if($usernameCheck->num_rows){
echo "Username exists";
} else {
echo "Non existant";
}
}
HTML:
<form id="login_form" action="http://valhq.com/login" method="POST">
<div class="login_form_content">
<div class="login_form_input">
<input type="text" class="login_input_style" placeholder="Username" id="username" name="username" maxlength="20">
</div>
<div class="login_form_input">
<input type="password" class="login_input_style" placeholder="Password" id="pw" name="pw" maxlength="56">
</div>
<input type="submit" id="submit" name="submit" class="login_submit" value="Login">
<div class="login_notMember">
Don't have an account? Sign up.
</div>
</div>
</form>

You have a 301 redirect to add a slash at the end of your url when it's missing. You haven't got a slash at the end of your form action and because of that the form post gets redirected to the url with the slash. Solution: add a slash at the end of the form action and it will work.

Log in form does not work and i cant find out why

I am trying to make a simple login form but I can not make it work. I have tried different things and searched for answers but nothing seems to be working. When I press the login button nothing happens its like there is no code for it.
here is the code I used:
<?php require 'Connections/Connections.php';?>
<?php
if(isset($_POST['Login'])){
$EM = $_POST['email'];
$PW = $_POST['pwd'];
$result = $con->query("SELECT email, pwd WHERE email=$EM and pwd='$PW'");
$row = $result->fetch_array(MYSQLI_BOTH);
session_start();
$_SESSION["user_id"] = $row['user_id'];
header('Location: account.php');
}
?>
<html>
<head>
<title>Social</title>
<link rel="stylesheet" href="css/signin.css">
</head>
<body>
<div id="form">
<form id ="form1">
<input class="paper" type="email" name="email" id="email" required="required" placeholder="E-mail:"><br>
<input class="paper1" type="password" name="pwd" id="pwd" required="required" placeholder="Password:">
<button name="Login" id="login" value="Submit" type="submit">Login</button>
</form>
<form id="form2" action="register.php" method="get">
<button name="register" id="button2" value="submit" type="submit">Register</button>
</form>
</div>
<!-- <img id="logo" src="logo1.png">-->
</body>
</html>
and here is what the required file has in it:
<?php
$con = mysqli_connect("localhost","root","","phplogin");
?>

First of all, start session at the very top of your PHP script, like this:
<?php
session_start();
?>
Second, add action="post" attribute to your <form> element,
<form id ="form1" method="post">
Third, your SELECT query is also wrong, it should be:
$result = $con->query("SELECT user_id, email, pwd FROM your_table WHERE email='$EM' and pwd='$PW'");
And finally, use ->num_rows to check the number of rows returned by the SELECT query, and use exit() after header() because header() alone is not sufficient to redirect the user to a different page.
Here are the references:
mysqli_result::$num_rows
exit()
So your code should be like this:
// your code
$result = $con->query("SELECT user_id, email, pwd FROM your_table WHERE email='$EM' and pwd='$PW'");
if($result->num_rows){
$row = $result->fetch_array(MYSQLI_BOTH);
$_SESSION["user_id"] = $row['user_id'];
header('Location: account.php');
exit();
}else{
echo "Incorrect user credentials";
}
// your code

You're trying to redirect with the header() function, but because of how you've sectioned off your <?php tags at the top, you're probably getting a suppressed error about headers already being sent. If you clean up the top of your file, the redirect should work:
<?php
require 'Connections/Connections.php';
if (isset($_POST['Login'])){
...

XAMPP : My input (name and pass) always has root and password inside of it..how so?

Today I was trying to create a login page with PDO class in PHP. It worked fine but my problem is my input always have a "root" string value for my first input, and a password inside my second input. Why and how can I erase that? I tried to put a "placeholder" inside of each input, and it still doesn't replace it. Oh, by the way, my input has a "yellow" background...kinda weird. And when I erase it manually, they return white as usual..
This is my code :
<?php
include_once('user.php');
if (isset($_POST['submit'])) {
$name = $_POST['username'];
$pass = $_POST['password'];
$object = new User();
$object->Login($name,$pass);
}
?>
<html>
<head>
</head>
<body>
<form method="post" action="<?= $_SERVER['PHP_SELF']; ?>">
Username: <input type="text" name="username"><br><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Log In">
</form>
</body>
</html>

Cache, or saved credentials problem.
Try:
<input type="text" name="username" value="" placeholder="" autocomplete="off">

Weird PHP within html

I've written some html code, and once i tried to place some PHP inside it, anything below this sign ?> wouldn't appear!!! I have some pictures and text that wouldn't appear unless I place it above. I'm writing with Bootstrap 2.3 and phpMyAdmin 4.10. all languages. Thank you for your time in advance.
here is my code so far:
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassowrd" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassowrd" placeholder="Your password">
<input class = "btn btn-default" type="submit" value="Sign in">
</form>
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
header("location:index.php");
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
?>
</div>
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
</body>
</html>

A few things have already been outlined (as answers) that do make sense, however I spotted a few typos in your inputs that will prevent your form from working, plus a few other points.
Here are a few of my recommendations:
First, this (in 2 instances) has a typo in it name="usrPassowrd" which should read as name="usrPassword" to go with your existing $password = $_POST['usrPassword'];
As I stated in my original comments:
Comment #1: die("cannot go empty"); header("location:index.php"); exit; Your header won't do anything, because it DIE()'d and that will cease to go any further.
Comment #2: What I suspect is going on is, because you've got your entire code inside one big clump, and that if certain conditions aren't met... it still wants to keep going. Now, I suggest that you put a conditional statement wrapped around your PHP....
such as if(isset($_POST['submit'])){ // PHP } then add this to your submit button name="submit" --- I also suggest you split up your form and your PHP/SQL altogether and make it submit to another page instead, with the same conditional statement I've already outlined.
If you absolutely want to execute everything in one page, try the following:
Note: I borrowed the img src from user3009875's answer also.
(Rewrite)
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassword" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassword" placeholder="Your password">
<input class = "btn btn-default" name="submit" type="submit" value="Sign in">
</form>
<?php
// this below, will prevent a premature execution of code
if(isset($_POST['submit'])){
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
// header("location:index.php"); // commented out
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
} // end brace for if(isset($_POST['submit']))
?>
</div>
<!-- commented out original img src -->
<!--
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
-->
<!-- new img src by user3009875 in an answer given -->
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
</body>
</html>

You can't use header() there to perform a redirection because you've already outputted some HTML and PHP has flushed HTTP headers.
The reason that <img> disappeared is probably that you called die(). This function terminates the whole page at once.
If you see cannot go empty, you should check the form to make sure you posted username field. If you see some error message about MYSQL, it is mysql_query($query) that fails.
By the way, your code has a SQL Injection problem.

IT doesn't load below ?> because script fails. This is common behaviour when there is a bug.
Check tail -f /var/log/apache2/error.log on linux (terminal)
Check tail -f /var/log/apache2/error_log on max (terminal)
windows -> I have no idea... somewhere in C:\\

At this point:
die("cannot go empty");
you stop the script. The following PHP code will not be executed and the HTML will not be sent to the user.

It's possible that there is an error when executing your PHP code, that would prevent it from going through the rest of the file.
Using your browser's Developer Tools, check the contents of the HTML that was returned, it's possible that the last line could be an error message. If you have erorr_reporting off then it would write to your error log only.
/var/log/apache2/error.log is a common location for the error log file if you are using Apache on a Linux machine.
As a side note, that code you have is very dangerous, do not use data sent from the client directly in a SQL statement, you need to sanitize otherwise you make your web app vulnerable to SQL injection.
Consider using a prepared statement
http://php.net/manual/en/pdo.prepare.php

Try:
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
I think setting the top margin to -800px will cause it to disappear from the screen.
Also, make sure your image is of .jpg.

PHP login script 404 error

I used a login script tutorial here: http://www.astahost.com/info/tilltf-simple-login-script-simple-secure-login-script.html and when I clocked login, there was a 404. When i went back, I was logged in. I followed the the tutorial exactly as it said. Any idea why it is going to this weird page?
<?php
session_start();
require_once 'database.php';
if (isset($_SESSION['user'])){
echo "Welcome ".$_SESSION['user'];
?>
<form name="logout" method="post" action="logout.php">
<input type="submit" name="logout" id="logout" value="Logout">
</form>
<br /><form name="news" method="post" action="news.php">
<input type="submit" name="news" id="news" value="News">
</form>
<?php
}
elseif(isset($_SESSION['admin'])){
echo"Welcome ".$_SESSION['admin'];
echo"<br><br>You are logged in as an Admin";
?>
<form name="logout" method="post" action="logout.php">
<input type="submit" name="logout" id="logout" value="Logout">
</form>
</form>
<?php
}else{
?>
<form name="login_form" method="post" action="login2.php">
<label>
<input name="user" type="text" id="user">ID<br />
<input name="pass" type="password" id="pass">Password<br />
</label>
<input type="submit" name="login" id="login" action="index.php" value="Login">
</label>
</p>
</form>
<form name="Register" method="post" action="reg.php">
<input type="submit" name="register" id="register" value="Register">
</form><br />
<form name="news" method="post" action="news.php">
<input type="submit" name="news" id="news" value="News">
</form>
<?php
}
?>

Glancing at the code you linked to, I noticed login2.php tries to redirect to Index.php in some cases, but to index.php (lowercase i) in other cases. It should be lowercase in both places. That might be the cause of your 404.

That tutorial has a couple header redirects:
header("location:Index.php");
and
header("location:index.php");
Make sure they're not supposed to be pointing to the same file, and make sure that file exists. It's logging you in, and then trying to redirect you to a file it can't find.

Depending on your type of server, this might cause problems:
if(mysql_num_rows($queryN) == 1) {
$resultN = mysql_fetch_assoc($queryN);
$_SESSION['user'] = $_POST['user'];
header("location:Index.php");
}
Specifically because the I in Index.php is capitalized, while all other references to the file utilize a lowercase i.
Also, this code is TERRIBLY formatted... but alas that's a different problem altogether.

Looking over the code at the link you provided, I see a likely cause. At the end of the login processing script, there's a call to header() which redirects back to the index page. One of them has different casing, and many web servers are case-sensitive by default:
header("location:index.php");
header("location:Index.php");
I'm guessing the lower case index.php is the correct one, so update your code accordingly.

just an added warning: the linked example has a serious security hole along these lines
$escaped_username = mysql_real_escape_string($username);
# make a md5 password.
$md5_password = md5($_POST['pass']);
$queryN = mysql_query("select * from user where username = '".$username."' and password = '".$md5_password."' AND level='1'");
$escaped_username is generated correctly, but the sql query still uses $username. this opens up the possibility to inject sql statements. be sure to change it.

Categories