PHP comments appearing on the webpage - php

I commented out some PHP code in my script, but the comments still appear on my webpage in HTML. Do you have any idea how I can fix this?
Kind regards,
/*if (isset($_POST['submitted'])) {
//require_once is similar to 'include' but ensures the code is not copied multiple times
require_once('LoginFunctions.php');*/
This text appears on my webpage.
Here is my whole script so you can identify where the mistake is:
<link rel="stylesheet" href="style.css">
<?php
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
include 'Header.php';
?>
<style>
body
{
background-color:#FFFFC2;
alignment-adjust: central;
float: none;
background-image: url("images_1/sea-sanctuaries-siteimage01.jpg");
alignment-baseline: central;
-webkit-background-size: cover;
-moz-background-size: cover;
-o-background-size: cover;
background-size: cover;
height:100%;
}
#div_1 {
width: 40%;
hight: 80%;
background-color: bisque;
border: 5px;
border-radius: 25px;
}
#div_2 {
font-family: sans-serif;
padding-bottom: 10px;
padding-right: 50px;
margin-top: 5px;
margin-right: 50px;
}
</style>
<body>
<div id="container">
<br>
<?php
/*
if($_DEBUG)
{
ini_set('display_errors', 1);
ini_set('log_errors', 1);
ini_set('error_log', dirname(__FILE__) . '/error_log.txt');
error_reporting(E_ALL);
}
$page_title = 'Login';/* */
//in this page we do things slightly differently - the code for validation and displaying messages is done
//before we display the form
echo '<div id = "div_1><h1>Login</h1>';
//display the form
echo '<div id="div_2"><div id="div_2">
<form action="index.php" method="post">
<label>UserName<br>
<span class="small">enter your username</span>
</label>
<input type="text" name="UserName" value=""/>
<label><br>Password<br>
<span class="small">enter your password</span>
</label>
<input type="password" name="Password" />
<button type="submit" name="submit" value="Login" />Log in</button>
<input type ="hidden" name="submitted" value="TRUE">
</form>
</div>
</div>';
/* if (isset($_POST['submitted'])) {
//require_once is similar to 'include' but ensures the code is not copied multiple times
require_once('LoginFunctions.php');
//list() is a way of assigning multiple values at the same time
//checkLogin() function returns an array so list here assigns the values in the array to $check and $data
list($check, $data) = checkLogin($_POST['UserName'], $_POST['Password']);
if ($check) {
setcookie('FName', $data['FName'], time()+ 900 ) ; //cookie expires after 15 mins
setcookie('LName', $data['LName'], time() + 900 ) ;
//
//use session variables instead of cookies
//these variables should now be available to all pages in the application as long as the users session exists
$_SESSION['FName'] = $data['FName'];
$_SESSION['LName'] = $data['LName'];
$_SESSION['UserName'] = $data['UserName'];
//to enable $_SESSION array to be populated we always need to call start_session() - this is done in header.php
//print_r is will print out the contents of an array
//print_r($_SESSION);
//
//Redirect to another page
$url = absolute_url('Index.php'); //function defined in Loginfunctions.php to give absolute path for required page
$logged = true;
//this version of the header function is used to redirect to another page
header("Location: $url");//since we have entered correct login details we are now being directed to the home page
exit();
} else {
$errors = $data;
}
}
//create a sopace between the button and the error messages
echo'<div class="spacer"></div>';
if (!empty($errors)) {
echo '<br/> <p class="error">The following errors occurred: <br />';
//foreach is a simplified version of the 'for' loop
foreach ($errors as $err) {
echo "$err <br />";
}
echo '</p>';
}
//this is the end of the <div> that contains the form
echo '</div>';
/* */
?>
</div>
</body>
<?php
include 'Footer.php';
?>

Comment them inside PHP code sections:
<?php /* code here will not display in html */ ?>
<!-- code here will be visible (in view source) -->
If your PHP interpreter is not running, there's no way to hide PHP code.

You forgot one " in the line
echo '<div id = "div_1><h1>Login</h1>';
which apparently causes it, somehow, to continue echoing what comes after.
Solution: add the missing " after div_1.

Related

wrong password <p> element always shown

Hello guys, I am working on a freelance project and I am faced with a problem. I added some PHP code in order to change a paragraph element's visibility. The paragraph element has to appear when the user enters a wrong username or password; however, the paragraph element appears all the time.
PHP SECTION
<?php
session_start();
require "db.php";
if ( !empty($_POST)) {
extract($_POST) ;
if ( checkUser($id, $pass) ) {
echo '<style>#wrong-password {display:none;margin-bottom: 5%;padding: 5%;width: 280px;font-family: "Montserrat", sans-serif;font-size: 1em;border-radius: 8px;border: 1px solid #ced4da;background-color: rgb(255, 23, 23);color: white;text-align: center;margin-top: 0;}</style>';
// you are authenticated
// session_start() creates a random id called session id.
// and stores in a cookie.
$_SESSION["user"] = getUser($id) ;
if($_SESSION["user"]["userType"]=='normal'){
header("Location: Analyzes.php?id=$id") ;
exit ;
}else {
header("Location: index.php") ;
exit ;
}
}
echo '<style> #wrong-password{visibility:visible; margin-bottom: 5%;padding: 5%;width: 280px;font-family: "Montserrat", sans-serif;font-size: 1em;border-radius: 8px;border: 1px solid #ced4da;background-color: rgb(255, 23, 23);color: white;text-align: center;margin-top: 0;}</style>';
}
HTML SECTION
<div id="form-container">
<h2>Hoşgeldiniz! 😺</h2>
<form action="?" method="POST">
<input type="number" name="id" placeholder="Kullanıcı Numarası">
<br>
<input type="password" name ="pass" placeholder="Parola">
<p id="wrong-password">Kullanıcı Adı veya Parola Hatalı :(</p>
<button type="submit" title="Giriş Yap">Giriş Yap</button>
</form>
</div>
Thanks in advance :)

Potential causes for a php session unset after calling header function?

I am setting 2 session variables and then calling the header function.
(SecurityCheck.php)
$_SESSION['danger'] = "true";
$_SESSION['priviledgeError'] = "You do not have access";
header('Location: index.php');
However, when the header redirects to the proper page, only one of the session variables retains its value, even though I never called any type of session unset method.
(index.php)
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " . isset($_SESSION['priviledgeError']);
line 63 index.php
danger session is:
priviledge session is: 1
I have checked through all relevant files for any places I may have called an unset function, and made sure session_start() is appended to the top of both pages.
I expect that both sessions will return "1" and not just one of them.
Entire Index.php file:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Sign-Up/Login Form</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/style2.css">
<style>
#userPass
{
padding; 20px;
}
#logIn
{
padding: 20px;
position:relative;
border-style: solid;
margin:auto;
background-color: white;
width: 390px;
height: 160px;
}
#log-in-header
{
position: absolute;
left:46%;
font-size: 35px;
color:black;
}
#submitButton
{
position: relative;
top: 83px;
width: 347px;
}
td
{
padding: 20px;
}
</style>
</head>
<!--ONLY runs when user has clicked LOG-IN-->
<body>
<div id='container'>
<?php
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " .
isset($_SESSION['priviledgeError']);
// die;
require 'header.php';
require 'messages.php';
?>
<br>
<p id='log-in-header'>
Log-In
</p>
<hr><br><br><br>
<form method="post" action="login.php">
<div id='logIn'>
<!-- <div id='userPass'>-->
<table style = "position: relative; bottom:
40px;">
<tr>
<td style='font-size: 20px'>Username:</td>
<td><input type="text" style='color:
black' name="userName" id='user' ></td>
</tr>
<tr>
<td style='font-size: 20px'>Password:</td>
<td><input type="password" style='color:
black' name="password" id='pass' ></td>
</tr?
</table>
<!-- </div>-->
<div id='submitButton'>
<input type="submit" class="btn btn-default"
style='color: black; font-size: 20px' value="Log In">
</div>
</div>
</form>
</div>
<!-- LOG-IN form ENDS -->
<!-- JS scrips-->
<script src="js/index.js"></script>-->
</body>
</html>
UPDATE: added a new session entry, as well as a session deletion, to SecurityCheck.php
$_SESSION['danger'] = "true";
$_SESSION['priviledgeError'] = "You do not have access";
unset($_SESSION['priviledgeError']);
$_SESSION['newSession'] = "hi";
header('Location: index.php');
Here is code in index.php:
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " .
isset($_SESSION['priviledgeError']);
echo "<br>new session is: " . $_SESSION['newSession'];
Here is result:
line 63 index.php
danger session is:
priviledge session is:
new session is: hi

php header to redirect.. not working [closed]

I've checked and re-checked and I don't know what I'm doing wrong. No errors are showing up; it just directs me nowhere after I submit a login page. Any suggestions?
header:
<html>
<head>
<title><?php echo $title; ?></title>
<style type ="text/css">
#top_links a:link, a:visited{
width: 100%;
display: block;
font-weight: bold;
color: #FFFFFF;
background-color: black;
text-align: center;
padding: 4px;
text-decoration: none;
text-transform: uppercase;
border: none;
font-family: "Trebuchet MS", Helvetica, sans-serif;
}
#top_links ul{
display: table-row;
}
#top_links li{
display: table-cell;
margin: 0;
}
#top_links a:hover {
color: pink;
}
</style>
</head>
<body<div id="top_links">
<ul>
<li>Register</li>
<li>Login</li>
</ul>
</div>
LOGIN.php file:
<?php
require_once('../../../secure_files/mysql_connect.php');
$title = 'Login';
include_once('header.php');
if(isset($_POST['validate'])) {
$errors = array();
function validate_func($value, $msg, $val_type) {
global $link;
switch ($val_type) {
case 'string':
if(empty($value)){
$errors[] = "You forgot to enter your email ".$msg;
}else{
$value = mysqli_real_escape_string($link, trim($value));
}
break;
case 'password':
if(empty($value)) {
$errors[] = "You forgot to enter your email ".$msg;
}else{
$value = trim($value);
}
break;
case 'number':
if(!isset($value)||!is_numeric($value)) {
$error[] = "You forgot to enter ".$msg." or the value you entered is not a number.";
}else{
$value = trim($value);
}
break;
}
return $value;
}
$email = validate_func($_POST['email'], "email", "string");
$password = validate_func($_POST['password'], "password", "password");
if(!count($errors) != 0){
foreach($errors as $value) {
echo $value." <br />";
}
}else {
$select_guest = "SELECT GUEST_INFO_ID FROM GUEST_INFO WHERE EMAIL = '$email' AND PASSWORD = sha1('$password') LIMIT 1";
$exec_select_guest = #mysqli_query($link, $select_guest);
if(mysqli_num_rows($exec_select_guest) != 1) {
echo "You are not an authentic user, you are being directed to the registration page...";
mysqli_close($link);
header("Refresh:3; url='REGISTRATION_FORM&HANDLE.php'");
}else{
$one_record = #mysqli_fetch_row($exec_select_guest);
setcookie('GUEST_INFO_ID', $one_record[0], 0, '/', '', 0, 0);
echo "You are an authentic user";
header("Refresh:3; url='GUEST_MAIN_MENU.php'");
}
}
} else{
?>
<div id="LOGIN_MAIN">
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method = "post" >
<div>
Email:<input type="text" name="email" id="email" />
</div>
<div>
Password:<input type='password' name='password' id='password' />
</div>
<div>
<input type='submit' name='submit' id='submit' value='Submit' />
<input type='reset' name='reset' id='reset' value='Reset' />
<input type="hidden" name="validate" ID="validate" value="Reset" />
</div>
</form>
</div>
<?php
}
include('footer.php');
?>
and my footer:
</body>
</html>
The reason is that you echoed something before you set the headers.
Any header MUST be before any other output to be valid.
See the php-manual for header()
So remove
echo $value." <br />";
echo "You are not an authentic user, you a...";
or any output before the header-redirection and it'll work!
If you want to redirect AFTER the user has seen the response, you will have to work with a javascript redirection!
That would then be something like this:
<script>
// redirects after 3 seconds
setTimeout(function(){
window.location.href = "GUEST_MAIN_MENU.php";
}, 3000);
</script>
Side comment:
Anyway, I would recommend testing the user credentials without loading a new (or the same) PHP script again. Have a look at JavaScript AJAX! Using this technique the user will stay on the same page and get a more immediate response that your app can also react to with messages and redirections.
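The following is an added example, not code from the question or from the answer above. It shows how the login handler from the question can be laid out so that the decision to redirect is taken, and the Location header sent, before a single byte of output, which is the constraint the answer describes. GUEST_MAIN_MENU.php and the form field names come from the question; the in-memory user list and the helper names (redirectIfPossible, exampleUsers, authenticate) are assumptions made for this example.

```php
<?php
// Added example (not the question's or the answer's code): a login handler in
// which every redirect decision happens before any output is written.
// GUEST_MAIN_MENU.php is from the question; the user list and helper names
// are assumptions for illustration.
declare(strict_types=1);

session_start();

/**
 * Issue a Location header only if nothing has been sent yet. Returns false when
 * output has already started and logs where it started: that file and line is
 * the echo that has to be moved or removed.
 */
function redirectIfPossible(string $url): bool
{
    if (headers_sent($file, $line)) {
        error_log("cannot redirect to $url: output already started at $file:$line");
        return false;
    }
    header('Location: ' . $url, true, 303);   // 303 makes the browser GET $url after the POST
    return true;
}

/** Constructed stand-in for the GUEST_INFO table: email => password_hash() value. */
function exampleUsers(): array
{
    static $users = null;
    if ($users === null) {
        $users = ['guest@example.com' => password_hash('correct-horse-battery', PASSWORD_DEFAULT)];
    }
    return $users;
}

/** True when the submitted credentials match a stored password hash. */
function authenticate(string $email, string $password): bool
{
    $hash = exampleUsers()[$email] ?? null;
    return $hash !== null && password_verify($password, $hash);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['validate'])) {
    $email    = trim((string) ($_POST['email'] ?? ''));
    $password = (string) ($_POST['password'] ?? '');

    if ($email === '' || $password === '') {
        $message = 'Please enter both your email and your password.';
    } elseif (authenticate($email, $password)) {
        session_regenerate_id(true);            // fresh session id once the user is authenticated
        $_SESSION['email'] = $email;
        if (redirectIfPossible('GUEST_MAIN_MENU.php')) {
            exit;                               // nothing after a redirect should run
        }
        $message = 'Logged in, but the redirect could not be sent.';
    } else {
        $message = 'Unknown email or wrong password.';   // same message for both cases
    }
}
// Only from here on is anything written to the client.
?>
<!DOCTYPE html>
<html><body>
<?php if ($message !== ''): ?>
  <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form action="" method="post">
  Email: <input type="text" name="email">
  Password: <input type="password" name="password">
  <input type="hidden" name="validate" value="1">
  <input type="submit" value="Submit">
</form>
</body></html>
```

With display_errors on, PHP reports a failed header() call as "Cannot modify header information - headers already sent by (output started at ...)", and that location is what redirectIfPossible() writes to the error log. If the "redirecting in 3 seconds" message from the question is wanted, it belongs in the HTML part together with the setTimeout snippet from the answer; the PHP part then sends no Location header at all.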

Image displays on localhost but not on server

I have exactly the same code on my localhost, and it displays everything perfectly, so I copied the file to the server that I'm hosting on (000webhost.com) and now it doesn't display the image. When I open Inspect Element, it shows that the image is there, and the image is also uploaded to the save folder with that file. The image is at the bottom of the file.
<html>
<head>
<style>
<!--
body{
background-color:black;
}
#form{
position:absolute;
top:180px;
left:37%;
border-radius:20px;
padding:10px;
padding-bottom:50px;
background-color:white;
z-index:1;
}
#login_b{
position:relative;
left:38px;
top:30px;
width:150px;
color:white;
background-color:#777777;
}
#header1 {
position:absolute;
top:115px;
left:39%;
text-shadow:10px 5px 5px #888888;
color:white;
z-index:2;
}
#header2 {
position:absolute;
left:20%;
top:-50px;
font-size:100px;
color: yellow;
}
#image1 {
height:77%;
position:relative;
top:280px;
}
-->
</style>
</head>
</body>
<?php
include 'scripts/config.php';
checkIfLoggedIn();
//error_reporting(0);
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$q = $dbc->prepare("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$query = $q->execute(array(
$username,
$password
));
$count = $q->fetchColumn();
if($count){
$_SESSION['Username'] = $username;
header('Location: main.php');
return;
} else {
echo '<font color="white">You have entered and incorrect login!</font>';
}
}
?>
<h1 id="header2">ARAM STATS!</h1>
<h1 id="header1">Admin login</h1>
<div id="form">
<form action="" method="POST">
Username:
<input type="text" name="username">
<br>
Password:
<input type="password" name="password">
<br>
<input type="submit" name="submit" value="Login" id="login_b">
</form>
</div>
<img src="/lolimage.jpg" id="image1">
</body>
</html>
Do I have to change something on the server? When I highlight it, it becomes blue: http://piclair.com/album but it doesn't display it. Doesn't make any sense.
I don't have enough reputation to comment.
Where is the image file located? If it's in the same directory as your page, you should try
<img src="lolimage.jpg" id="image1">
You mention a "save folder"; is that where your images are located? If so, you should add the directory to the path.
<img src="save/lolimage.jpg" id="image1">
Just add your site's base URL before your image name.
This may help you, for example:
<img src="<your_sites_base_url>/<image_name>" />
There can be a lot of reasons:
Try to open the image directly by giving the folder path in the browser, like xyz.com/yourfolder/imagefolder/images.jpg. If you are able to see it, then check the src you have given for the image. It should be a relative path. Use src="../path/image.jpg" based on the location of your HTML/PHP file and the image. If the image is in the same folder as the file, there is no need to add '/'.

How to securely edit information in a database from a user form PHP

Currently I have a working PHP edit script, which allows users to edit ads they have posted, but I have realized that users can modify the ?id= number to bring up another set of data, then edit someone else's data and save it in the database.
Is there any way I can make it so that when the user clicks on an advert they have posted to edit, it is only their own ads that they have access to, so that they won't be able to edit other people's ads by adjusting the ?id=, and a way of protecting the form from manipulation?
Here is my current code:
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $fname, $lname, $contact, $price, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<style type="text/css">
#page-wrap {
position:absolute;
top: 206px;
left: 288px;
width: 50%;
text-align:left;
background-color:#FFF;
padding: 10px;
border-radius: 10px;
box-shadow: 1px 2px 2px #888888;
}
</style>
<script type = "text/javascript">
function myfunction(url)
{
window.location.href = url;
}
</script>
</head>
<body>
<div class="container">
<div id="imagelogo" onclick = "window.location.href = 'index.html'" >
<p> Buy and sell stuff around University</p>
</div>
<ul id="navigation" name="navigation">
<li id="nav-home">Home</li>
<li id="nav-search">Search</li>
<li id="nav-selling">Selling</li>
<li id="nav-buying">Buying</li>
<li id="nav-FAQ">FAQ</li>
<li id="nav-contact">Contact</li>
<p> </p>
<p> </p>
<p> </p>
<p>Sponsors</p>
</ul>
<div id="account">
<?php
if( isset( $_SESSION['username'] ) ){
echo "<a href='securedpage1.php'>My Account</a><img src='images/uni-icon.png' width='30' height='18' style='vertical-align: middle;'/>";
}else{
echo "<a href='login.php' >Login</a><img src='images/uni-icon.png' width='30' height='18' style='vertical-align: middle;'/>";
}
?>
</div>
<div id="registerlogout">
<?php
if( isset( $_SESSION['username'] ) ){
echo "<a href='logout.php'>Logout</a>";
}else{
echo "<a href='register.php'> Register</a>";
}
?>
</div>
<div id="social">
<img src="images/fb-logo.png" width="22" height="20" />
<img src="images/twitter-logo.png" width="24" height="25" />
</div>
<div id="page-wrap">
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<strong>Ad Title: *</strong> <input type="text" name="fname" style="width: 60%; box- sizing: border-box; -moz-box-sizing: border-box; -webkit-box-sizing: border-box;"value="<?php echo $fname; ?>"/><br/>
<strong>Description: *</strong> <textarea name="lname" cols="45" rows="5"><?php echo $lname; ?></textarea><br/>
<strong>Contact*</strong> <input type="text" name="contact" style="width: 60%; box- sizing: border-box; -moz-box-sizing: border-box; -webkit-box-sizing: border-box;" value="<?php echo $contact; ?>"/><br/>
<strong>Price*</strong> <input type="text" name="price" style="width: 60%; box-sizing: border-box; -moz-box-sizing: border-box; -webkit-box-sizing: border-box;" value="<?php echo $price; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</div>
</div>
</body>
</html>
<?php
}
// Initialize session
session_start();
// connect to the database
include('conn.php');
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$fname = mysql_real_escape_string(htmlspecialchars($_POST['fname']));
$lname = mysql_real_escape_string(htmlspecialchars($_POST['lname']));
$contact = mysql_real_escape_string(htmlspecialchars($_POST['contact']));
$price = mysql_real_escape_string(htmlspecialchars($_POST['price']));
// check that firstname/lastname fields are both filled in
if ($fname == '' || $lname == '' || $contact == '' || $price == '' )
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $fname, $lname, $contact, $price, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE people SET price='$price', contact='$contact', fname='$fname', lname='$lname' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM people WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$fname = $row['fname'];
$lname = $row['lname'];
$contact = $row['contact'];
$price = $row['price'];
// show form
renderForm($id, $fname, $lname, $contact, $price, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>
You need to record, in the database, the poster of each advert. This is just another column.
When an attempt is made to edit an advert (either for displaying the form or saving the result) you need to check that the owner of the advert matches the currently logged in user.
e.g. UPDATE adverts SET text=? WHERE id=? AND user=?
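What the ownership check in this answer looks like in practice, as an added example that is not code from the question or the answer: both the query that loads the form and the UPDATE that saves it carry the logged-in user's id in the WHERE clause, and all values are bound as parameters. The form field names (id, fname, lname, contact, price) are the question's; the table name `adverts`, its columns (id, user_id, title, description, contact, price), the PDO connection details and $_SESSION['user_id'] being set at login are assumptions made for this example.

```php
<?php
// Added example (not the question's or the answer's code): edit an advert only
// when it belongs to the logged-in user. Table/column names, the DSN and the
// $_SESSION['user_id'] convention are assumptions for illustration.
declare(strict_types=1);

/** Load one advert, but only if it belongs to $userId; null otherwise. */
function loadOwnAdvert(PDO $db, int $advertId, int $userId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, title, description, contact, price
           FROM adverts
          WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $advertId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Save an advert. The WHERE clause names both the advert and its owner, so a
 * tampered hidden "id" field matches zero rows instead of someone else's row.
 * Returns false when the advert is not the caller's.
 */
function updateOwnAdvert(PDO $db, int $advertId, int $userId, array $fields): bool
{
    // Ownership is confirmed with the SELECT rather than rowCount(): MySQL reports
    // 0 affected rows for an UPDATE that changes nothing, which would look the
    // same as "not your advert".
    if (loadOwnAdvert($db, $advertId, $userId) === null) {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE adverts
            SET title = :title, description = :description, contact = :contact, price = :price
          WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([
        ':title' => $fields['title'], ':description' => $fields['description'],
        ':contact' => $fields['contact'], ':price' => $fields['price'],
        ':id' => $advertId, ':uid' => $userId,
    ]);
    return true;
}

session_start();
if (!isset($_SESSION['user_id'])) {          // not logged in: nothing to edit
    header('Location: login.php');
    exit;
}
$userId = (int) $_SESSION['user_id'];
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,        // real server-side prepared statements
]);
$intOpts = ['options' => ['min_range' => 1]];

if (isset($_POST['submit'])) {
    $advertId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, $intOpts);
    $fields = [
        'title'       => trim((string) ($_POST['fname'] ?? '')),
        'description' => trim((string) ($_POST['lname'] ?? '')),
        'contact'     => trim((string) ($_POST['contact'] ?? '')),
        'price'       => trim((string) ($_POST['price'] ?? '')),
    ];
    if ($advertId === false || $advertId === null || in_array('', $fields, true)) {
        http_response_code(400);
        echo 'Please fill in all required fields.';
        exit;
    }
    if (!updateOwnAdvert($db, $advertId, $userId, $fields)) {
        http_response_code(403);               // someone else's advert, or none at all
        echo 'No results!';
        exit;
    }
    header('Location: view.php');
    exit;
}

// GET: load the advert for the form, again restricted to the caller's own rows.
$advertId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, $intOpts);
$advert = ($advertId !== false && $advertId !== null) ? loadOwnAdvert($db, $advertId, $userId) : null;
if ($advert === null) {
    http_response_code(404);
    echo 'No results!';
    exit;
}
// Fill the form from $advert, escaping each value with htmlspecialchars() at
// output time; the values are stored raw because the query parameters are bound.
```

Two things change compared with the question's script: the hidden id field is no longer trusted on its own, since the session's user id has to match the row as well, and mysql_real_escape_string(htmlspecialchars(...)) before storage is replaced by bound parameters on the way in and htmlspecialchars() on the way out, so the database keeps the text the user actually typed.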
Set a session when they log in. Check if the session-username is the same as the username that is linked to the post they want to edit. If true, they can edit.
I suggest you query the database to check that the id the user is requesting is an id that he/she is allowed to access.
Keep it server side, store the id in a database, and call that number, this will stop them from being able to edit it.
md5 the id number code to each account and add that to the query. Make sure that the code matches the one associated with the account (so md5 the id and make sure it matches the one in the database) then add the stuff. This way no one can change the number and edit other accounts' posts. The md5 algorithm is specific to your server and not predictable.
$hash = md5( $id );
use this to create the code and associate this with the account and use it like the id in addition to the id. This means when you create the account you need to create an md5 version of the id as a field in the database next to the id.
Change this like:
mysql_query("UPDATE people SET price='$price', contact='$contact', fname='$fname', lname='$lname' WHERE id='$id'")
or die(mysql_error());
to
mysql_query("UPDATE people SET price='$price', contact='$contact', fname='$fname', lname='$lname' WHERE id='$id' and idCode='$hash'")
or die(mysql_error());
Just make sure you have a field in the database called idCode because the md5 is an encryption that is not reversible.
