So i am not sure what to do anymore.
I've been trying to create a register/login system for my website. After a lot of struggeling my register now works but i can't yet login to it. I am pretty sure it is a $_session related problem.
So I have two files, one called get_users.php (i know it's a bad name) and one called cart.php. Neither of them has whitespace at the start.
What am i actually trying to do? I am trying to get my session to show up on cart.php.
get_users.php:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$con = new mysqli("localhost","root","","ismsite");
$query = ("SELECT name, comment FROM comments ORDER BY id DESC");
$result = mysqli_query($con, $sql, MYSQLI_BOTH);
session_start();
$_SESSION["user_id"] = $row["user_id"];
header('Location: cart.php');
exit();
?>
and at the start of cart.php
<?php
session_start();
include 'config/config.php';
echo $_SESSION["user_id"];
?>
I really am at my wits end here. I've searched this site but i could not find a solution to my problem. Anyone who knows what the problem is?
Additional info:
-Latest php installed
-I am running it on a virtual webserver that runs the latest ubuntu client with LAMP stack installed.
-Database works just fine
Thanks in advance
EDIT:
I changed $row["user_id"]; to $result["user_id"];
But it still doesn't show up
Try this
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
//for hashing passwords
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db,$username);
$password = mysqli_real_escape_string($db,$password);
$password = md5($password);
//Check username and password from database
$sql="SELECT userid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql)
or die("Error");
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $username; // Initializing Session
}else
{
$error = "Incorrect username or password.";
}
But you will have to tweak according to your table structure.
May be $_SESSION["user_id"] not set. You can test $_SESSION array by
print_r($_SESSION) or print_r($GLOBALS);
Related
I'm having problems with my log in php file. I completed my sign up form, which takes data and saves it in a database. I now want to be able to log in with the data from the db. This is my first log in form and I'm not sure if I have all the things needed to make it run or if there's just an error. A list of what is needed to make this log in form will help, Thank you. I would also like to mention that I have more data in the DB other than email/password.
<?php
$db = mysql_connect("127.0.0.1:3307", "root", "", "test");
if(!$db){die('could not connect:'.mysql_error());}
echo'connected successfully';
if (isset($_POST['submit'])) {
$username = $_POST['Email'];
$password = $_POST['Password'];
$username = mysql_real_escape_string($Email);
$password = mysql_real_escape_string($Password);
$sql = "SELECT * FROM people WHERE Email ='$Email' AND
Password='$Password'";
mysql_select_db('test');
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count == 1) {
echo "<script> alert('You Have Successfully Logged In')</script>";
exit();
} else {
echo "<script> alert('Invalid Username and/or Password')</script>";
}
}
mysql_close($db);
?>
You parse the POSTed EMAIL to your $username variable, but in your SELECT statement, you use a $Email variable. Perhaps this should have been your $Username variable instead, as this seems to hold your emailadress.
So your problem is in mixing of email and username. Correct this and your script should work.
I was working on a register/log in page with a database (first time)
Whenever I register my user, I get the following information in the database:
It is giving me something like a password, but it won't give me my username and email (and i guess password aswell)
Can anyone help me with this?
My php code looks like this:
<?php
session_start();
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'toolsforever');
if (isset($_POST['login_btn'])) {
$username = $db->real_escape_string($username);
$password = $db->real_escape_string($password);
$password = md5($password); // hashed
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['message'] = "You are now logged in";
$_SESSION['username'] = $username;
header("location: home.php"); //redirect to home page
}else{
$_SESSION['message'] = "Username/password combination incorrect";
}
}
?>
Thanks in advance
PS: Password2 = confirm password for registration password==password2 before they can register.
You are not getting the values from post array so do it like this:
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
I assume the form fields are names as username and password
It's not just related to retrieval, seems like you need to check the save operation as well. You are storing empty values during registration.
That one worked #danyal Sandeelo. I feel incredible stupid because i've tried an $_POST but i did it like: $username = $_POST['username']; $username = $db->real_escape_string;
When I coded my php login system (In MySQLi), I get an error that do not actually checks if username or password is wrong, idk what to do abot this. Please help me out here.
<?php
// If logged in
if(isset($_SESSION['user_id'])) {
header('Location: index.php');
}else {}
//error_reporting(0);
//MySQLi Login form
//Database connection
$con = mysqli_connect('localhost', 'root', '', 'console');
//Actual Login form
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
?>
Also i got a check.php that redirects you to /notloggedin.php if not logged in, but IF the user is logged in it will display their User_ID, but when user logsIn with wrong details then go to check.php it does not show anything and it does not redirect the users to /notloggedin.php.
So what do I do with that? Is there something I forgot to add, or something i did wrong???Can you write a example if you have any ideas?? Thanks.
EDIT:
Now instead of using MySQLi I got an idea from #christoandrew, so i made everything into functions. What the functions tells the system to do is its gonna check for the username first, if the username exists its gonna make a $_SESSION()for the username. Then again using the $_SESSION() to find the User_ID to the username then its gonna look for the password for the same User_ID. Then when its checked everything it will destroy all 'Sessions' it made and create a $_SESSION() for all information like User_ID, Email, Username, Password, Etc... Thanks for all the help i got in my way!
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
// Try checking if there are actually rows that are returned
// If the rows are greater than zero then the user exists else the
// user supplied wrong credentials
if(mysqli_num_rows($row) > 0){
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
// The else block below is not necessary and the validation is misplaced
}
you need start the session:
session_start();
I have a login system that works fine on my localhost. When I uploaded it to my live database I can create a user and it will input the data into the database, but when I try to login it doesn't seem to find the password. When I echo the values from the live database it gives nothing for $realpass['password'];
$username = mysql_real_escape_string($username);
$conn = mysql_connect($_SESSION['db_name'], $_SESSION['db_username'], $_SESSION['db_password'] );
mysql_select_db($_SESSION['db_table'], $conn);
//Get Password
$query = "SELECT `password` FROM `user` WHERE email_address='$username';";
$result = mysql_query($query);
$realpass = mysql_fetch_array($result);
if(sha1($password)!=$realpass['password'])
{
echo "Error! Invalid username or password, please try again.<br/>";
echo sha1($password)."<br/>";
echo $realpass['password'];
}
else
{
$_SESSION['uname'] = $name;
$_SESSION['valid_user'] = $username;
$_SESSION['user_id'] = $user_id;
header('Location: index.php');
}
In this depreciated case, I believe you are calling fetch array incorrectly.
Either use
mysql_fetch_array($result)[0]
or
mysql_fetch_row($result)[0]
To reference by name you need
mysql_fetch_assoc
The problem was $username = mysql_real_escape_string($username); is deprecated.
I changed it to $username = mysqli_real_escape_string($username); and it works fine
I do a lot of work using PHP frameworks but I am now building a simple login system from scratch and I am stumped. I am using PDO for my database queries. I have a simple login form which points to the same page using $_SERVER['PHP_SELF']. Then I have this code...
<?php
//LOG IN
if($_POST['login_submit']){
$username = $_POST['username'];
$password = $_POST['password'];
//Query
$database->query("SELECT * FROM users WHERE username = :username AND password = :password");
$database->bind(':username',$username);
$database->bind(':password',$password);
$rows = $database->resultset();
$count = count($rows);
if($count > 0){
session_start();
//Assign session variables
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['logged_in'] = 1;
} else {
$login_msg[] = 'Sorry, that login does not work';
}
}
When I login, its fine. It starts the session. But as soon as I go to another page the session is broken. I suspect maybe cause the session_start() is in the if($_POST['login_submit']) condition. But I could sware Ive done it like this before. Any help would be awesome..thanks!
The first line of your code...
if($_POST['login_submit']){
Only, if you submit your login form, the session is started.
And, on all other pages, you have to call session_start() ...