I am working on localhost and trying to create a login system but my session is not starting, here is my php code
if(isset($_POST['_submit'])){
session_start();
if(empty($_POST['_email']) || empty($_POST['_password'])){
echo "<script>window.alert('Invalid User EMAIL or PASSWORD!')</script>";
}
else{
$email = $_POST['_email'];
$password = $_POST['_password'];
$select_user = "SELECT email,password FROM signup WHERE email='$email' AND password='$password'";
$query = mysqli_query($conn,$select_user);
$rows = mysqli_num_rows($query);
if($rows>0){
$_SESSION['user_email'] = $email;
header('Location: ../index.php');
}
else{
echo "<script>window.alert('Invalid User EMAIL or PASSWORD!')</script>";
}
}
}
and after session start i want to change in html code, here is my code
<?php if(!empty($_SESSION['user_email'])){ ?>
<li>Logout</li>
<?php } else { ?>
<li>Login</li>
<li>Sign Up</li>
<?php } ?>
here is my html code of login system
<div class="outside">
<form class="form-horizontal" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-user" for="email"></label>
<div class="control-label col-sm-8">
<input type="_email" name="_email" class="form-control" id="email" placeholder="Enter Email">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-lock" for="password"></label>
<div class="control-label col-sm-8">
<input type="password" name="_password" class="form-control" id="password" placeholder="Enter Password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-3">
<button name="_submit" type="submit" class="btn btn-default" >Login</button>
</div>
</div>
</form>
<p>Not a User? Sign Up</p>
</div>
Thanks,
You also need to start the session where you need to work with session
<?php
session_start();
if(isset($_SESSION['somekey']))
{
//code here
}
declare session_start() before the <html> tag. see if it works.
session_start() needs to be outside of your if-statement and is usually always run before any of your PHP code will execute.
session_start();
if(isset($_POST['_submit'])){
Put session_start() at the top of all your PHP files where you want to check any session data. If you have a centralized config file just put it in there.
Related
I am learning to program in PHP and I have a problem, I want to write in a html tag from php in different files, but I don't get how to do it. This is my code:
index.php
<form action="back_end_files/ControllerUsuarios.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email"
onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
Here i want to write the message
<div>
<p id="status"></p>
</div>
controllerUsuarios.php
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
session_start();
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
else{
$alert = "Email or password incorrect";
}
}
basically. post to the same index file is easiest, redirect if authenticated, otherwise just show the form again.
index.php
<?php
// include your login functions...
require 'back_end_files/controllerUsuarios.php';
if(logged_in()) {
// already logged in.
header("Location: https://localhost/logged.php");
} else {
// this will redirect if authenticated.
loginCase();
}
?>
<form action="index.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email" onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
back_end_files/controllerUsuarios.php
/**
* check logged in now
*
* #return boolean if logged in.
**/
function logged_in() {
session_start();
return !empty($_SESSION['active']);
}
/**
* log in the user and goto the next page or show form again.
*
* #return void
**/
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
// only try to authenticate if the data is set.
if(!empty($_POST['vEmail']) && !empty($_POST['vPass'])) {
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
}
// did not authenticate, so show the form again.
return false;
}
PHP File
<?php
session_start();
include 'dbconnect.php';
$emailuid = $_POST['emailuid'];
$pwd = $_POST['pwd1'];
$sql = "SELECT * FROM users WHERE uid='$emailuid' AND pwd='$pwd' OR
email='$emailuid' AND pwd='$pwd'";
$result = $result = $conn->query($sql);
if(!$row = $result->fetch_assoc()){
echo "Your Username or Password does not match";
}else{
$_SESSION['user_id'] = $row['user_id'];
header("Location: home.php");
}
?>
Html File
<div class="container">
<div class="jumbotron">
<div class="form-group">
<h1>Login</h1>
</div>
<form class="form-horizontal" action="login.php" method="post">
<div class="form-group input-group pb-modal-reglog-input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
<input class="form-control" name="emailuid" placeholder="Email or Username">
</div>
<div class="form-group input-group pb-modal-reglog-input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" class="form-control" name="pwd1" placeholder="password">
</div>
<div class="form-group">
<label>
<input type="checkbox">
Remember me.
</label>
</div>
<div class="form-group">
<button class="btn btn-primary col-lg-12" type="submit" name="btn_submit">Login</button>
</div>
<div class="form-group">
Forgot password?
</div>
</form>
</div>
</div>
</div>
`
Here's the code. Can someone please help me with this? Both codes are separate files, login.php and index.php now I want to display the error message inside my modal under the password input how will I do this? Thanks. I'm using bootstrap by the way and I'm still new to this together with php.
You can put the two files (php,html) submit the form to the same index.php then put condition statement to check if post request was made if it has then enter the checking block of your php code. Do the same checking in your html with inline php and if its post then check if it was sucessfull and display your message accordingly.
Without ajax i think this is the only solution i can think of
Hello guys After I login It redirect in a certain page but when I press back in browser I want to redirect it into my certain page not login page again. Thank you for helping me guys this problem takes me 4hrs and continuing Thank you!!!
index.php
<div class="container">
<div class="margin-top">
<div class="row">
<div class="span12">
<div class="login">
<div class="log_txt">
<p><strong>Please Enter the Details Below..</strong></p>
</div>
<form class="form-horizontal" method="POST">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="username" placeholder="Username" required>
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="password" placeholder="Password" required>
</div>
</div>
<div class="control-group">
<div class="controls">
<button id="login" name="submit" type="submit" class="btn"><i class="icon-signin icon-large"></i> Submit</button>
</div>
</div>
<?php
if (isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysqli_query($dbcon,"SELECT * FROM users WHERE username='$username' AND password='$password'")or die(mysqli_error());
$num_row = mysqli_num_rows($result);
$row=mysqli_fetch_array($result);
if( $num_row > 0 ) {
?>
header('location:attendance.php');
$_SESSION['id']=$row['user_id'];
}
else{ ?>
<div class="alert alert-danger">Access Denied</div>
<?php
}}
?>
</form>
</div>
</div>
</div>
</div>
</div>
You can maintain the session, if session is valid u can return the user to Homepage else return to Login page.
Your best bet is to check to see if the user is logged in right at the top of your script and redirect them at that point instead of rendering you page.
And look into escaping your inputs against SQL injection before you put this where people can get to it.
<?php
if(!empty($_SESSION['id']))
{
header('Location: attendance.php');
}
?>
At the head of your file should do it.
After submit in signup page my signUp page redirects to info.php where I want to collect additional info of user using email id he gives on signup page but when I tried to get the email id of user through sessions, session return empty value.
THIS IS MY SIGNUP CODE
<?php
session_start();
if(isset($_POST['submit'])){
$name= $_POST['_user'];
$email = $_POST['_email'];
$pass = $_POST['_password'];
//Insert Data
$sql = "INSERT INTO signup(name,email,password)
VALUES('$name','$email','$pass')";
//Data Validation
if(mysqli_query($conn,$sql)){
echo "<script>alert('SignUp Successfull')</script>";
$_SESSION['user_email'] = $email;
header('Location: info.php');
}
else{
echo "<script>window.alert('You are already a user.')</script>";
}
}
mysqli_close($conn);
?>
AND THIS MY INFO.PHP CODE
<?php
session_start();
if(isset($_POST['_submit'])){
if(empty($_POST['_address']) || empty($_POST['_country']) || empty($_POST['_number']) || empty($_POST['_cnic']) || empty($_POST['_passport'])){
echo "<script>window.alert('All fields are required')</script>";
}
else{
$address = $_POST['_address'];
$country = $_POST['_country'];
$number = $_POST['_number'];
$cnic = $_POST['_cnic'];
$passport = $_POST['_passport'];
$email=$_SESSION['user_email'];
$query = "INSERT INTO info(email,address,country,mobile,cnic,passport)
VALUES('$email','$address','$country','$number','$cnic','$passport')";
if(mysqli_query($conn,$query)){
header('Location: ../index.php');
}
else{
echo "<script>window.alert('Error While Entering the data!.')</script>";
}
}
}
mysqli_close($conn);
?>
In addition I use this global session variable for login page and it works fine.
UPDATE
SIGNUP HTML CODE
<div class="outside">
<form class="form-horizontal" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-user" for="name"></label>
<div class="control-label col-sm-8">
<input type="text" name="_user" class="form-control" id="name" placeholder="Full Name">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="email">
<img class="glyphicon1" src="../assests/at-sign.png">
</label>
<div class="control-label col-sm-8">
<input type="email" name="_email" class="form-control" id="email" placeholder="Enter Email">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-lock" for="password"></label>
<div class="control-label col-sm-8">
<input type="password" name="_password" class="form-control" id="password" placeholder="Enter Password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-3">
<button name="submit" id="submit" value="Upload" type="submit" class="btn btn-default">Confirm SignUp</button>
</div>
</div>
<p>Already a User? LogIn</p>
</form>
</div>
Use this for Returns the auto generated id used in the last query
mysqli_insert_id($link)
I am trying to create a simple login experience on my website. The data is being taken from phpmyadmin. I'm having trouble and not really sure exactly where I'm going wrong. I'm looking to keep this as simple as possible for now, just to get it started.
HTML
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="well well-sm">
<form class="form-horizontal" action="" method="post">
<fieldset>
<legend class="text-center">Sign In</legend>
<!-- Message body -->
<div class="form-group">
<label class="col-md-4 control-label" for="Username">Username</label>
<div class="col-md-8">
<input id="username" name="username" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="Password">Password</label>
<div class="col-md-8">
<input id="password" name="password" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<!-- Form actions -->
<div class="form-group">
<div class="col-md-12 text-right">
<button onClick="return validateForm()" type="submit" class="btn btn-primary btn-lg">Submit</button>
` </div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
PHP
session_start();
$username=$_POST['username'];
$password=$_POST['password'];
// Connection
$conn = mysql_connect("localhost", "root", "MIS42520!$") or die (mysql_error());
//Select the database to use
mysql_select_db ("cookie", $conn);
// SQL query to fetch information of registerd users and finds user match.
$sql = mysql_query("select * from login where password='$password' AND username='$username'", $connection);
$result = mysql_query($sql, $conn) or die(mysql_error());
$row = mysql_fetch_array($sql);
if(is_array($row)) {
$_SESSION["username"] = $row[username];
$_SESSION["password"] = $row[password];
} else {
$message = "Invalid Username or Password!";
}
if(isset($_SESSION["user_id"])) {
header("Location:user_dashboard.php");
}
I think this is your problem as I notice your form action is target on same page.
if(isset($_POST['username']) && isset($_POST['password'])){
//grab all your php code here
}
And please dont use mysql_* function since it was deprecated