When i select my button in the form with the link to the processing page for the login it just returns a server error 500, i have not encountered this before and have had no luck on google.
Here is my HTML markup on the login page
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="styles.css">
<title>Administrator Login</title>
</head>
<body>
<div class="container">
<div class="header"><img src="IMAGES/LOGO.png" alt="Insert Logo Here" name="Insert_logo" width="" height="90" id="Insert_logo" style="background-color: #; display:block;" />
<!-- end .header --></div>
<div class="content">
<form action="loginProcess.php" method="post" class="loginForm">
<input type="text" id="username" name="username" placeholder="Enter Username" required>
<input type="password" id="password" name="password" placeholder="Enter Password" required>
<button type="submit" id="loginBTN" >Login</button>
</form>
</div>
</body>
</html>
And here is the code for my php process
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
//stores the search data
$username = $_POST['username'];
$password = $_POST['password'];
//checks to see if it is empty or null
if(isset($username) && !empty($username) && (isset($password) && !empty($password))){
require('includes/dbconx.php');
//escapes all special characters that could break database
$pword = mysqli_real_escape_string($con, $password);
$uname = mysqli_real_escape_string($con, $username);
//searchq stores the cleaned up search data
//create a variable to store a wildcard SQL statement
$sql = mysqli_query($con, "SELECT * FROM login WHERE username = '%$uname%' AND password = '%$pword%' ");
}//end statement
//if no data is inserted it will putput this
else{
echo("Please enter Login details!");
//this will kill the connection
die;
}
//end else
$result = $con->query($sql);
//if it finds no matching data it informs the user and kills the DB connextion
if(mysqli_num_rows($result) == 0){
echo("<p>No record found or password doesn't match! </p>");
die;
}
else{
header('Location: adminPage.php');
?>
</body>
</html>
Here is my connection, this works for the other pages as it should this.
<?php
//connects to my music database
$con=mysqli_connect("localhost","root","root","music");
//if it fails to connect it outputs this with an error number
if(mysqli_connect_errno()) {
echo "failed to connet to MYSQL:".mysqli_connect_error();
}
?>
Got time for that Beer?
This query is incorrect, you use the % character only when using the LIKE syntax, so query should be
$sql = mysqli_query($con, "SELECT *
FROM login
WHERE username = '$uname'
AND password = '$pword' ");
If you format your code more consistantly it will also help in spotting errors.
And as in my answer to your last question, check for errors after all mysqli_ calls. During development it will save you much time, as thats when we developers make little bobo's
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// this would be better at the top of the script
require('includes/dbconx.php');
// why do 2 steps when one would do
// also you have not checked these actually exist
// until the IF that follows these 2 lines
//$username = $_POST['username'];
//$password = $_POST['password'];
// empty() does an isset already so you only need the empty()
if( !empty($username) && !empty($password)){
$pword = mysqli_real_escape_string($con, $_POST['password']);
$uname = mysqli_real_escape_string($con, $_POST['username']);
$sql = mysqli_query($con, "SELECT *
FROM login
WHERE username = '$uname'
AND password = '$pword'");
// always check status after mysqli_query and other calls
// and at least output the error message
if ( $sql === FALSE ) {
echo mysqli_error($con);
exit;
}
} else {
echo("Please enter Login details!");
die;
}
$result = $con->query($sql);
if(mysqli_num_rows($result) == 0){
echo("<p>No record found or password doesn't match! </p>");
die;
} else {
header('Location: adminPage.php');
// header Location: shoudl always be followed by an exit;
// as header does not stop execution
exit;
} // add missing closing bracket
?>
</body>
</html>
Related
I'm trying to make a login system with hashed passwords.
What is supposed to happen is after I click on the submit button a session should be created and I should be redirected to home.php. If input data doesn't match the data inside the database I should get "Error 1" or "Error 2" alerts.
My problem is that when I click on a submit button all that happens is that I get redirected to login.php. I get no errors and no alerts, only blank screen with login.php URL.
I'm trying to figure how to make the password_verify() part work. Any kind of help is appreciated.
Picture of database: https://imgur.com/a/BXiHBN4
Picture of what happens after a login attempt: https://imgur.com/a/qKZ1tsi
Form code:
<html>
<head>
<title> Login now! </title>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css"/>
</head>
<body>
<header>
<div class="alignRight">
Register
</div>
<div class="alignLeft">
Contact us
About us
News
</div>
</header>
<h1> Welcome back! </h1>
<h2> Log in to continue with your work. </h2>
<form name="login-form" id="login-form" action="login.php" method="post">
<input class="_40" type="text" name="username" pattern="[a-zA-Z0-9_]{1,15}"
placeholder="Username" required />
<br />
<input class="_40" type="password" name="pwd" placeholder="Password" required />
<br />
<input id="loginSubmitButton" type="submit" value="Submit" />
</form>
</body>
</html>
PHP code:
<?php
session_start();
$servername ="localhost";
$username = "root";
$password = "";
$link = mysqli_connect($servername, $username, $password);
mysqli_select_db($link, "users");
$username = mysqli_real_escape_string($link, $_POST["username"]);
$pwd = mysqli_real_escape_string($link, $_POST["pwd"]);
$query = "SELECT * FROM users WHERE Username = '$username'";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_assoc($result);
if(($result->num_rows > 0))
{
while($row = mysqli_fetch_array($result))
{
if(password_verify($pwd, $row["Hash"]))
{
$_SESSION["username"] = $username;
header("location:home.php");
}
else
{
echo '<script>alert("Error 1")</script>';
}
}
}
else
{
echo '<script>alert("Error2")</script>';
}
?>
I think I see the problem.
It looks like you're probably fetching the only row from the results before the if
$row = mysqli_fetch_assoc($result);
Then when you fetch again here, there's nothing left to fetch.
if(($result->num_rows > 0))
{
while($row = mysqli_fetch_array($result))
(I'm assuming the query will only return one row since username is unique.)
i want a create a congrats page ('congrats page')where users should be redirected to after submitting the form , even if they know the link to the 'congrats page' and they try accessing it without signning it should take them to a signup page
//signup.php (signup page)
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width
,initial-scale=1.0">
<link rel="stylesheet" type="text/css"
href="../css/signup.css">
<title></title>
</head>
<body>
<div id="container"> <!---------------------------- red------------------------------------------->
<div class="headerdiv">
<div class="imagediv">
</div>
</div>
<div id ="main">
<form action="../include/signup.inc.php" method="POST">
<input type="text" name="fname" placeholder="firstname">
<br>
<input type="text" name="lname" placeholder="lastname">
<br>
<input type="text" name="uname" placeholder="username">
<br>
<input type="email" name="email" placeholder="email">
<br>
<input type="password" name="pwd" placeholder="password">
<br>
<button type="submit" name="submit">submit</button>
</form>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])) {
include_once 'connect.php';
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uname = mysqli_real_escape_string($conn, $_POST['uname']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../php/signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uname='$uname'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../php/signup.php?signup=usertaken");
exit();
} else {
// hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO user (fname, lname, email, uname, pwd) VALUES ('$fname',
'$lname', '$email', '$uname', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../php/congrats.php");
exit();
}
}
}
}
} else {
header("Location: ../php/signup.php");
exit();
}
//////////////////////////////
/// the congrats page ('congrats.php')
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width
,initial-scale=1.0">
<link rel="stylesheet" type="text/css"
href="../css/congrats.css">
<title></title>
</head>
<body>
<p>REGISTRATION SUCCESS</p>
</body>
</html>
<?php
//connection to data base
$servername = 'localhost';
$username = 'root';
$password = 'root';
$database = 'webz';
$conn = mysqli_connect($servername, $username, $password, $database);
i want a create a congrats page ('congrats page')where users should be redirected to after submitting the form , even if they know the link to the 'congrats page' and they try accessing it without signning it should take them to a signup page
Try PHP $_SESSION, which is an associative array contains all the session variables available to the current script. Set the session variable whenever user successfully logged into the application and check it where you want to restrict the user to access the page without login.
<?php
session_start();
// to set the session variable // for e.g; user_id
$_SESSION['user_id'] = ''; // valid user_id.
// check the session variable // for congrats page
if(!empty($_SESSION['user_id'])){
// congrats page
}else{
header('Location: http://www.example.com/signup');
}
// session_destroy(); // use when user logs out.
You may use $_SESSION to do the job.
After the user signs up, you store something to the $_SESSION variable.
e.g.
session_start();
//after sign up
$_SESSION['signedup']=1;
And at the congrats page, check the variable
session_start();
if($_SESSION['signedup']){
//show the page
}else{
header('Location: http://www.example.com/signup');
}
Alright, SO. After about five hours of sifting through potential duplicates and applying would-be solutions to my project and even downloading a PHP IDE to make sure that my syntax is all nice and tidy for everyone.. I am finally at the point where I need some advice.
My two problems (which may be related):
When someone logs in, successfully with the test parameters I have stored in the DB, they are not redirected (maybe my if statement is not correct?)
When the page loads without first attempt, my "wrong password - username combination" message is displaying. I'm fairly certain as to why but not too sure how to fix it.
<?php session_start(); // this line of code has been added by the instruction of a comment.
if(isset($submit)) {
$username = $_POST['username'];
$password = $_POST['password'];
}
$con = mysqli_connect("***","***","***","***");
$S_username = mysqli_real_escape_string($con, $username);
$S_password = mysqli_real_escape_string($con, $password);
if(mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$S_username' AND `password` = '$S_password'");
if(!$sql) {
die(mysqli_error($con)) ;
}
$check_again = mysqli_num_rows($sql);
if($check_again == 1) {
session_start(); // this line of code has been deleted
$_SESSION['logged in'] = TRUE;
$_SESSION['username'] = $S_username;
header("Location: http://terrythetutor.com/submitvideo.php");
}
else {
echo "Your username and password combination was not recognised. Please try again." ;
}
?>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<?php include_once 'googleanalytics.php'; ?>
<body>
<a href="http://terrythetutor.com">
<div class="banner"> </div>
</a>
<?php include 'menu.php'; ?>
<h1 align="center">Please login to access restricted files</h1>
</br>
</br>
</br>
</br>
<div align="center">
<form action = "login.php" method = "post">
Username: <input type = "text" name = "username"></br></br>
Password: <input type = "password" name = "password"></br></br>
<input type = "submit" value = "Login" name="submit">
</form>
</div>
</body>
</html>
Any and all feedback is welcomed. Thank you.
use session_start(); only once and at the top ..
I making an Employee Management System and I have stuck at a point where the Super Admin needs to be logged in to check/alter the details of the employees.
The Super Admin is just a single person which will do everything. So I have manually inserted the details of the super admin into the database.
Here's the code and the page is called as superadmin.php:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>Employee Management System</title>
<link href="../styles/style-index.css" rel="stylesheet" type="text/css" media="screen"/>
<link href="styles/style-superAdmin.css" rel="stylesheet" type="text/css" media="screen"/>
</head>
<body>
<?php include_once("../php_includes/pageTop-template.php") ?>
<div id="pageContentforSuperAdmin">
<div id="content">
<div id="form-superAdmin" align="center">
<h3>Please Login Super Admin</h3>
<form id="superAdminForm" method="post" action="superadmin.php">
<input type="email" name="email" required class="txtInput" placeholder="Email..." autocomplete="off"/>
<br />
<input type="password" name="password" required class="txtInput" placeholder="Password..."/>
<br />
<input type="submit" name="submit" value="Enter" id="submit" />
</form>
</div>
</div>
</div>
<?php include_once("../php_includes/pageBottom-template.php") ?>
</body>
</html>
<?php
include_once("../php_includes/db-connect.php");
if (isset($_POST["submit"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$hash = password_hash($password, PASSWORD_DEFAULT);
//echo $password;
$hash_ver = password_verify($password, $hash);
$sql = "SELECT * FROM employee WHERE email='".$email."' AND password='".$hash."'";
$query = mysqli_query($con, $sql);
$rows = mysqli_fetch_array($query);
if ($rows["email"] == $email && $rows["password"] == $hash) {
header("Location: admin-index.php");
} else {
echo 'Incorrect Credentials';
}
}
mysqli_close($con);
?>
Now the Problem is that, I am just getting the output as Incorrect Credentials and I don't know the reason why is it so ? For the password, I have used the newly introduced password_hash for hashing it. I have copied and pasted the hash code directly in the database table.
Any help would be appreciated.
Aside from anything else, I'd suggest you try by replacing your if with this:
if (mysqli_num_rows($query) > 0) {
header("Location: admin-index.php");
} else {
echo 'Incorrect Credentials';
}
As you're already selecting from the database where the username and password match.
if ($rows["email"] == $email && $rows["password"] == $hash) {
should be changed to check if there is a record found or not for $query.
like:
if(mysql_fetch_array($query) !== false) {
I have written php script for user login but instead of displaying the result the whole script is being displayed.I have given a .php file link as an action for the login form.
I am using xampp with php and mysql running do I need anything else?
the code is :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<!-- Always force latest IE rendering engine (even in intranet) & Chrome Frame
Remove this if you use the .htaccess -->
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Ch</title>
<meta name="description" content="education,India,College search in india,score evaluator" />
<meta name="author" content="RAJATEJAS" />
<meta name="viewport" content="width=device-width; initial-scale=1.0" />
<!-- Replace favicon.ico & apple-touch-icon.png in the root of your domain and delete these references -->
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="apple-touch-icon" href="/apple-touch-icon.png" />
<style type = "text/css">
user_login , input
{
display = inline;
}
</style>
</head>
<body>
<div>
<header>
<h1>Ch</h1>
</header>
<nav>
<p>Home</p>
<p>Contact</p>
</nav>
<div class = "user_login_form">
<form action = "chalo_login.php" method="post">
<label>Username:</label><input id = "username" type = "text" name = "username" autofocus placeholder="Enter Username"/><br />
<label>Password:</label><input id = "password" type = "password" name = "password" placeholder="Enter Password"/><br />
<input name = "submit" type = "submit" value = "Login" />
</form>
</div>
<footer>
<p>© Copyright by RAJATEJAS</p>
</footer>
</div>
</body>
</html>
<?php
session_start();
$_POST['username'];
$_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","");
mysql_select_db("phplogin") or die("could not find database");
$query = mysql_query(SELECT * FROM users WHERE username = "$username");
$numrow = mysql_num_rows($query);
if ($numrows !=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row["username"];
$dbpassword = $row["password"];
}
if($username == $dbusername && $password == $dbpassword)
{
echo "You are logged in! ;
Click here";
$_SESSION["username"] = $dbusername;
}
else
{
echo "Incorrect password";
}
}else{die("Account does not exists");}
}
else
{
die ("Please enter details");
}
?>
You've got a few errors in your code, but I don't know if they're what are causing your problems.
Firstly in your CSS user_login should be #user_login to select elements with the ID "user_login". Then, display = inline; should be display: inline;.
In your PHP...
$_POST['username'];
$_POST['password'];
...doesn't do anything. I think you should have
$username = $_POST['username'];
$password = $_POST['password'];
And as Ethan mentioned in the comments above, your quotation marks are messed up:
echo "You are logged in! ;
Click here";
...should probably be:
echo "You are logged in! Click here";
(Escape your quotation marks inside quotation marks using a backslash).
Fix those errors and see if it works then...
Also: as LeleDumbo says above, make sure the page is being loaded through Apache rather than opened as a file. The URL should begin with something like 127.0.0.1 or localhost. If not, just put 127.0.0.1 into your address bar and browse to your file in the list that appears.
Another error- your SELECT statement needs to be a string:
$query = mysql_query("SELECT * FROM users WHERE username = '$username'");
Variables $username and $password are not assigned
if(isset($_POST['username'])
{
$username=$_POST['username'];
}
if(isset($_POST['password'])
{
$password=$_POST['password'];
}
and the select the correct database in the comment above you are saying that your database name is also "users" but you have selected "phplogin"