I am having problems displaying my users information that they inputted at sign up once they have logged in again. Once I sign up the information will be displayed properly on my account page but when I log out and log back in the information disappears. How can I access the information for when my users login?
This is my user sign up.
<?php
include 'global_settings.php';
function NewUser() {
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$query = "INSERT INTO userlogin (firstName, lastName, email, username, password) VALUES ('$firstName', '$lastName', '$email', '$username', '$password')";
$data = mysql_query ($query)or die(mysql_error());
if($data) {
session_start();
$_SESSION["firstName"] = $firstName;
$_SESSION["lastName"] = $lastName;
$_SESSION["userName"] = $username;
$_SESSION["email"] = $email;
header("Location: ../chooseyoursport.php");
}
}
NewUser();
function SignUp() {
if(!empty($_POST['username'])){ //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
$query = mysql_query("SELECT * FROM userlogin WHERE Username = $username AND Password = $password") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error())) {
newuser();
} else {
echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
}
}
}
if(isset($_POST['submit'])) {
SignUp();
}
?>
This is my user login.
<?php
error_reporting(0);
session_start();
include 'global_settings.php';
//Convert POST to normal variables
$password = $_POST['password'];
$username = $_POST['username'];
$sql = mysql_query("SELECT * FROM userlogin WHERE Username='$username' AND Password='$password'");
$login_check = mysql_num_rows($sql);
// if login_check is greater than 0 then it will register a session (meaning if the user exists username and password are both correct)
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val){
$$key = stripslashes($val);
}
session_start();
$_SESSION["firstName"] = $firstName;
$_SESSION["lastName"] = $lastName;
$_SESSION["userName"] = $username;
$_SESSION["email"] = $email;
header("Location: ../chooseyoursport.php");
//echo "It worked";
}
} else {
echo "You could not be logged in! Either your username or password is incorrect <br> Please try again!";
}
?>
1) $$key = stripslashes($val); Double $$
2) Data which you are putting into $_SESSION is empty;
3) session_start(); 2 times in one program's space
4) And everything else that the guys have said above
foreach( $row AS $key => $val){
$$key = stripslashes($val);
}
session_start();
$_SESSION["firstName"] = $firstName;
$_SESSION["lastName"] = $lastName;
$_SESSION["userName"] = $username;
$_SESSION["email"] = $email;
header("Location: ../chooseyoursport.php");
Related
I have this registration form that a user fills out and it sends to another page that adds the information in my database. Is there a way that after the person registers I can send the username and password to the sign-in page and it logs them in automatically?
this is the code that adds into my database after a user has registered:
require "connection.php";
session_start();
if ($_POST['firstname'] != "" && $_POST['lastname'] !="" && $_POST['email'] != "" && $_POST['username'] !="" && $_POST['password'] !="")
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = $_POST['username'];
$query1="SELECT * FROM users WHERE username = '$username' ";
$username = mysqli_real_escape_string($conn,$username);
$password = mysqli_real_escape_string($conn,$password);
$firstname = mysqli_real_escape_string($conn,$firstname);
$lastname = mysqli_real_escape_string($conn,$lastname);
$email = mysqli_real_escape_string($conn,$email);
$result = mysqli_query($conn,$query1)
or die(mysqli_error($conn));
if(mysqli_num_rows($result) != 0)
{
$_SESSION['er_firstname'] = $firstname;
$_SESSION['er_lastname'] = $lastname;
$_SESSION['er_email'] = $email;
header("Location: index.php/?a=1");
}
else {
unset($_SESSION['er_firstname']);
unset($_SESSION['er_lastname']);
unset($_SESSION['er_email']);
$query = "INSERT INTO users (firstname, lastname, password, username) VALUES ('$firstname','$lastname','$email','$password', '$username')";
$data = mysqli_query($conn,$query)or die(mysqli_error($conn));
header("Location: index.php/?a=2");
}
}
?>
And this is my login code that when I user normally enters there username and password to log in:
<?php
session_start();
$username = $_POST['username']; //either username or email
$password = $_POST['password'];
if($username=="" || $password == "")
{
header("Location: index.php");
}
require "connection.php";
if(!empty($username) && !empty($password)) {
$username = mysqli_real_escape_string($conn,$username);
$password = mysqli_real_escape_string($conn,$password);
$query = "SELECT * FROM users WHERE username = '$username' OR email = '$username' AND password = '$password'";
$data = mysqli_query($conn,$query);
if($data) {
if (mysqli_num_rows($data) == 1 ) {
$row = mysqli_fetch_assoc($data);
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: http://home");
}
else {
header("Location: index.php/?i=1");
exit();
} }
else {
die("Query failed");
}
}
else {
$_SESSION['message'] = "Please enter a email and password";
header("Location: index.php");
exit();
}
So is there a way to send add.php to login.php, I tried switching the add.php header location to login.php but it didnt work.
You could bypass the entire login screen. You can just apply login logic into your registration processing.
This would involve adding three lines of code by the looks of it.
$_SESSION['id'] = mysqli_insert_id($conn);
$_SESSION['username'] = $row['username'];
header("Location: http://home");
The following code does not work:
Login Page:
if (isset($_POST['login'])) {
$name = $mysqli->real_escape_string($_POST['name']);
$pass = $_POST['pass'];
$query = "SELECT * FROM users WHERE name='{$name}'";
$result = $mysqli->query($query) or die($mysqli->error.__LINE__);
if($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
if(password_verify($pass, $row['pass'])){
$_SESSION['logged'] = true;
$_SESSION['name'] = $row['name'];
$_SESSION['pass'] = $row['pass'];
//header('Location: index.php');
echo "Workded";
} else {
echo "Crypt Not Matching";
}
}
}
}
Code used to insert into database:
if (empty($e1)) {
$password = password_hash($pass, PASSWORD_BCRYPT);
if ($mysqli->query("INSERT into users (name, pass, email, gamertag, psnid, youtube, fbauth) VALUES ('$username', '$password', '$email', '$xbox', '$psn', '$youtube', '$fbid')")) {
session_start();
$_SESSION['logged'] = true;
$_SESSION['name'] = $username;
$_SESSION['pass'] = $password;
header('Location: index.php');
}
}
Can anyone point out what I'm doing wrong?
1 - debug the $_POST var and check if its being passed correctly from the HTTP POST request
var_dump($_POST);
2 - debug the result of the database, in the foreach loop, and check if you're retrieving the information from the db correctly
while($row = $result->fetch_assoc()) {
var_dump($row);
}
3 - test if password_hash and password_verify are working correctly.
$pwd = 'some_password';
$hash = password_hash($pwd, PASSWORD_BCRYPT);
var_dump(password_verify($pwd, $hash);
I have a login page that allow user to submit a registered email and password and if the data is correct then the system redirect to the profile page and here i face the problem .
when I try to submit the write data the system do not redirect me to the profile page .
but if I echo a confirm message that the data are correct the browser display this message
how to fixx this problem ???
login.php
<?php
session_start();
error_reporting(E_ALL);
require_once('include/connect.php');
$message = "";
if(!empty($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['pass'];
$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);
//$pass = md5($pass);
$sql=mysql_query( "SELECT user_id, email_address, first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1") or die("error in user table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
$row = mysql_fetch_array($sql);
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
//$message = "correct email and passworddd!!";
header("Location: profile.php");
}//close if
else
{
$message = "incorrect Email or Password!!";
//exit();
}
}//close if
?>
profile.php
<?php
session_start();
require_once('include/connect.php');
if(isset($_GET['user_id']))
{
$id=$_GET['user_id'];
var_dump($id);
}
elseif(isset($_SESSION['user_id']))
{
$id= $_SESSION['user_id'];
}
else
{
print "Important data are missing";
print_r($_SESSION);
exit();
}
$sql = mysql_query("SELECT * FROM user WHERE user_id='$id'") or die(mysql_error());
$row = mysql_fetch_array($sql);
$firstname=$row['first_name'];
$lastname=$row['last_name'];
$birth_date=$row['birth_date'];
$registered_date=$row['registered_date'];
//***************for upload img*****************//
$check_pic="members/$id/image01.jpg";
$default_pic="members/0/image01.jpg";
if(file_exists($check_pic))
{
$user_pic="<img src=\"$check_pic\"width=\"100px\"/>";
}
else
{
$user_pic="<img src=\"$default_pic\">";
}
echo $id, $firstname, $birth_date;
?>
Easy :) Just put all this code on the top of content and be sure that there is no any content on the page where header("Location: profile.php"); is working, because if there is something it can't be loaded. I also recommend to use exit; after header("Location: profile.php");
i have a login page that allow user to enter email and password then submit and the system check if data is correct it display the profile page and if not it display a message inform the user that the data are not correct .
but the problem is that if i put header("Location:profile.php"); the system do not work
but if i echo a message that inform user that the data are correct the browser display this message without any problem
login.php
<?php
session_start();
ob_start();
error_reporting(E_ALL);
require_once('include/connect.php');
//$message = "";
if(!empty($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['pass'];
$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);
//$pass = md5($pass);
$sql=mysql_query( "SELECT user_id, email_address, first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1") or die("error in user table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
$row = mysql_fetch_array($sql);
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
//$message = "correct email and passworddd!!";
header("Location:profile.php");
exit();
}//close if
else
{
//$message = "incorrect Email or Password!!";
//exit();
}
}//close if
?>
profile.php
<?php
session_start();
require_once('include/connect.php');
if(isset($_GET['user_id']))
{
$id=$_GET['user_id'];
var_dump($id);
}
elseif(isset($_SESSION['user_id']))
{
$id= $_SESSION['user_id'];
}
else
{
print "Important data are missing";
print_r($_SESSION);
exit();
}
$sql = mysql_query("SELECT * FROM user WHERE user_id='$id'") or die(mysql_error());
$row = mysql_fetch_array($sql);
$firstname=$row['first_name'];
$lastname=$row['last_name'];
$birth_date=$row['birth_date'];
$registered_date=$row['registered_date'];
//***************for upload img*****************//
$check_pic="members/$id/image01.jpg";
$default_pic="members/0/image01.jpg";
if(file_exists($check_pic))
{
$user_pic="<img src=\"$check_pic\"width=\"100px\"/>";
}
else
{
$user_pic="<img src=\"$default_pic\">";
}
echo $id, $firstname, $birth_date;
?>
use ob_end_flush() before php close tag ?>
you can use javascript there to redirect on profile page. because if any small mistake like printing before or any space php header() function can cause some problem.. so better user javascript there.
check with bellow code
?>
<script>
window.location.href="profile.php";
</script>
<?
I have doubt in this line of profile.php
require_once('include/connect.php');
If path of profile.php is faulty, you have to change things in your
header(Location: "xyz/profile.php");
Please check that this relative path is correct!
Try this.
<?php
session_start();
ob_start();
error_reporting(E_ALL);
require_once('include/connect.php');
//$message = "";
if(isset($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['pass'];
$email1 = mysql_real_escape_string(strip_tags($email));
$pass1 = mysql_real_escape_string(strip_tags($pass));
//$pass = md5($pass);
$sql = mysql_query("SELECT user_id, email_address, first_name FROM user WHERE email_address='$email1' AND password='$pass1' LIMIT 1") or die("error in user table");
$login_check = mysql_fetch_assoc($sql)
if($login_check)
{
$row = $login_check;
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
//$message = "correct email and passworddd!!";
header("Location: profile.php");
exit();
}//close if
else
{
//$message = "incorrect Email or Password!!";
//exit();
}
}//close if
?>
im a newbie in php and sql programming and can someone help me in my syntax , lately ive been creating this code to edit my user and write it on the database but it always gets an error in oldpassword and password , and it always says password didnt match even if i do it correctly the process , any help on me ? tnx
<?php
$update = strip_tags($_POST['update']);
$username = strtolower(strip_tags($_POST['username']));
$oldpassword = strip_tags($_POST['oldpassword']);
$newpassword = strip_tags($_POST['newpassword']);
$firstname = strip_tags($_POST['first']);
$lastname = strip_tags($_POST['last']);
$gender = strip_tags($_POST['gender']);
$address = strip_tags($_POST['address']);
$zipcode = strip_tags($_POST['zip']);
$contact = strip_tags($_POST['con']);
$email = strip_tags($_POST['mail']);
error_reporting(0);
if($update)
{
if($username&& $oldpassword && $newpassword && $firstname && $lastname && $address && $zipcode && $contact && $email)
{
$connect = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("brightlights") or die(mysql_error());
$updatecheck = mysql_query("SELECT * FROM username FROM tb_user WHERE username='$username'");
$count = mysql_num_rows($updatecheck);
if($count<=1)
{
if($_SESSION['password']==($oldpassword))
{
mysql_query("UPDATE tb_user SET
username = '$username',
password = '$newpassword',
Firstname = '$firstname',
Lastname = '$lastname',
gender = '$gender',
address = '$address',
zipcode = '$zipcode',
contact = '$contact',
email = '$email'
WHERE username='".$_SESSION['username']."'");
$_SESSION['username'] = $username;
$_SESSION['password'] = $newpassword;
$_SESSION['Firstname'] = $firstname;
$_SESSION['Lastname'] = $lastname;
$_SESSION['gender'] = $gender;
$_SESSION['address'] = $address;
$_SESSION['zipcode'] = $zipcode;
$_SESSION['contact'] = $contact;
$_SESSION['email'] = $email;
session_write_close();
echo "Succesfully Updated!";
}else
echo "Password not match!";
}else
echo "Username already Taken!";
}else
echo "Please fill up all form!";
}
?>
if($_SESSION['password']==($oldpassword))
But I can't see session_start() after <?php
I think $_SESSION['password'] is an encrypted password that doesn't match. Please echo $_SESSION['password'] and $oldpassword and exit, and check their values.