I've been busy creating a login script, only problem is i get a blank page after submitting the login form. I'm using a Template System.
Some codes,
login.tpl:
<div class="container">
<form class="form-login" action="/customer/login/submit" method="post">
<h2 class="form-login-heading">$site_name Customer Panel</h2>
<div class="login-wrap">
<input type="text" name="loginusername" class="form-control" placeholder="Username" autofocus>
<input type="password" name="loginpassword" class="form-control" placeholder="Password">
<button class="btn btn-lg btn-login btn-block" type="submit" name="login">Log in</button>
<center>
<div class="registration">
Don't got an account yet?
<a class="" href="$site_url/customer/register">
Create an account
</a>
</div>
</center>
</div>
</form>
Submit.php:
<?php
if (!isset($_POST['loginusername'], $_POST['loginpassword']))
{
Site::Stop('/customer/login');
}
$Error = Users::Login($_POST['loginusername'], $_POST['loginpassword']);
if (isset($_SESSION['username']))
{
Site::Stop('/customer/dashboard');
}
$_SESSION['login_error'] = $Error;
Site::Stop('/customer/login');
?>
login.php:
$this->Define('LoginError', '');
if (isset($_SESSION['login_error']))
{
$errors = Array(
1 => 'This username does not exist.',
2 => 'Your password is incorrect.');
if ($_SESSION['login_error'] == 3)
{
$errors[3] = ' Your '.$_SESSION['ban']['bantype'].' is banned.
Reason: '.$_SESSION['ban']['reason'].'.
Your ban expires on: '.date('d-m-y H:i:s', $_SESSION['ban']['expire']);
unset($_SESSION['ban']);
}
$this->Define('LoginError', '<div class="well well-danger">'.$errors[$_SESSION['login_error']].'</div>');
unset($_SESSION['login_error']);
}
$this->LoadTpl('Login');
Maps.php
<?php
$this->Map('/customer/login', 'Login.php');
$this->Map('/customer/register', 'Register.php');
$this->Map('/customer/register/submit', 'RegSubmit.php');
if (Users::$Session === false)
{
$this->Map('/customer/login/submit', 'Submit.php');
}
else
{
$this->Map('/customer/logout', 'Logout.php');
}
?>
Make sure session has started with session_start() on top of php file.
Related
I am learning to program in PHP and I have a problem, I want to write in a html tag from php in different files, but I don't get how to do it. This is my code:
index.php
<form action="back_end_files/ControllerUsuarios.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email"
onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
Here i want to write the message
<div>
<p id="status"></p>
</div>
controllerUsuarios.php
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
session_start();
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
else{
$alert = "Email or password incorrect";
}
}
basically. post to the same index file is easiest, redirect if authenticated, otherwise just show the form again.
index.php
<?php
// include your login functions...
require 'back_end_files/controllerUsuarios.php';
if(logged_in()) {
// already logged in.
header("Location: https://localhost/logged.php");
} else {
// this will redirect if authenticated.
loginCase();
}
?>
<form action="index.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email" onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
back_end_files/controllerUsuarios.php
/**
* check logged in now
*
* #return boolean if logged in.
**/
function logged_in() {
session_start();
return !empty($_SESSION['active']);
}
/**
* log in the user and goto the next page or show form again.
*
* #return void
**/
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
// only try to authenticate if the data is set.
if(!empty($_POST['vEmail']) && !empty($_POST['vPass'])) {
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
}
// did not authenticate, so show the form again.
return false;
}
I am new on PHP and I trying to make a simple login system. I want that when i login, if I submit incorrect information system gives validation error and if I submit true info I want to get email or name in profile blade.
Like hello $user!!!
Login page
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
header()
}
else{
echo "Invalid username/password";
}
}
?>
In login page, I tried;
<?php
$email = $_POST['email'];
$password = $_POST['pass'];
if($email == 'cagri#vargonen.com' && $password == '1234'){
echo "Welcome Çağrı Uğurel";
}
else{
echo "Your email or password incorrect";
}
?>
Can you please help me where is my mistake?
You need to use session_start() to get username or other temp variables.
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$actualuser = "cagri#vargonen.com";
$actualpass = "1234";
if (($email == $actualuser) && ($pass == $actualpass)) {
$_SESSION["username"] = $username;
header("location:somepage.php");
} else {
echo "Username or Password isn't matched.";
}
}
?>
And if login is succeed, username goes to session variable which means you can use that variable during the session.
somepage.php
<?php
session_start();
?>
<html>
<title>User Page</title>
<body>
<p><?php echo $_SESSION["username"];?> </p>
</body>
</html>
I suggest you to use ajax method for kind of these.
EDIT:
Here is real-life example from my previous project.
index.php
<div class="modal fade" id="loginmodal" role="dialog" data-backdrop="static">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header" style="padding:35px 50px;">
<button type="button" class="close" data-dismiss="modal">×</button>
<h1> Giriş yap</h1>
</div>
<div class="modal-body" style="padding:40px 50px;">
<form role="form" method="post" action="index.php">
<div class="form-group">
<label for="usrname"><span class=""></span> Kullanıcı Adı</label>
<input type="text" pattern="[a-z]*"class="form-control" id="usrname" name="username" placeholder="Yetkili veya normal kullanıcı adı giriniz" required>
</div>
<div class="form-group">
<label for="psw"><span class=""></span> Şifre</label>
<input type="password" class="form-control" id="psw" name="password" placeholder="Şifre" required>
</div>
<button type="submit" class="btn btn-success btn-block" name="login"><span class=""></span> Giriş</button>
</form>
</div>
logincheck.php
<?php
if(isset($_POST["login"])){
$username = $_POST["username"];
$password = $_POST["password"];
$query = $db->prepare("select * from users where username=:username AND password=:password");
$query->execute(array(
':username' => $username,
':password' => $password
));
$r = $query->fetch();
$count = $query->rowCount();
if($count > 0 && $r["rank"] > 0) {
$_SESSION["username"] = $username;
$_SESSION["rank"] = $r["rank"];
header("location:project.php");
}
}
?>
userpage.php
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"> <?php echo $_SESSION["username"];?> <span class="caret">
</span></a>
<ul class="dropdown-menu">
<li>Çıkış yap</li>
</ul>
</li>
</ul>
Hope, this is help!
Add semicolon here header();
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
session_start();
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
$_SESSION['user'] = array('email'=>$email);
echo 'Hello '.$_SESSION['user']['email'].'...!';
}
else{
echo "Invalid username/password";
}
}
?>
Here is how my admin login page should work:
1.For a valid login:
login.php>admin.php>adminpanel.php
2. For non valid login:
login.php>admin.php>login.php
Facts:
1. db is connected
2. db fields are "userid" "username" " password"
3. password is encrypted
Problem is :
Login page redirecting me to admin.php page and no error is showing .
//login.php
<form action = "admin.php" role="form" method="post">
<div class="form-group input-group">
<span class="input-group-addon">Name</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Name">
</div>
<div class="form-group input-group">
<span class="input-group-addon">Password</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Password">
</div>
<?php
if (isset($_GET['error'])){
echo "Hay Dude!!! Are You Lost? call 911!!";
}?>
<button type="submit" class="btn btn-lg btn-primary">login</button>
</form>
//admin.php
<?php
include ("dbconnect.php");
session_start();
if (isset($_POST['logout'])){
unset($_session['admin']);
}
if (isset($_POST['login'])){
$login_sqli= "SELECT * FROM user WHERE Name ='".$_POST['username']."'AND Password='".sha1($_POST['password'])."'";
$login_query = mysqli_query($dbconnect,$login_sqli);
if (mysqli_num_rows($login_query)>0){
$login_rs= mysqli_fetch_assoc($login_query);
$_session['admin']=$login_rs['username'];
}else
header ("location:admin.php?error=login");
}
<body>
<div class="col-lg-12 text-center">
<div class="jumbotron">
<h1>Hay Dude! You Lost?? Try Again or Call 911!!</h1>
<?php
if (!isset($_session['admin'])){
include ("login.php");
}else{
include ("adminpanel.php");
}
?>
</div>
</div>
</body>
I am redirecting a user to a page named "forgot_pass" in such a way
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when user clicks on link for redirection the url seems like this
http://localhost/Validation/forgot_pass.php?code=
and there is no any page displayed.
The variables passed in url have values as i have already checked it. But they are not displaying when sent in url.
Help me in solving this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}
Remove single-quotes around the arguments, you are using them to delimit the URL so don't use them inside the URL (or at least escape them) :
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";
Try with this way
echo "Passowrd must match
Try Again"
you have mismatch in columns
try to change your code to
echo "Passowrd must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username".'>Try Again</a>
"
Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php
remove single quote
"forgot_pass.php?code=$code&username=$hidden_username>"
I've done this login script with protection for certain pages, but even if I type the login correctly it returns me to login page as I didn't have logged in. Already tried to do PHP CODE to show all errors but no errors. Here is the codes:
LOGIN:
<?php
include("conexao.php");
include("functions.php");
if(isset($_POST['submit'])) {
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['senha']);
$sel_user = "select * from contas where email='$email' AND senha='$pass'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0){
$_SESSION['user_email']=$email;
$idUsuario = getIDUsuario($con, $email, $pass);
header('Location: ../paginausuario.php?logado=1&idUsuario=' . $idUsuario);
mysqli_free_result($result);
} else {
echo "<script>alert('Email or password is not correct, try again!')</script>";
}
}
?>
PROTECTED PAGE:
<?php if(!isset($_SESSION['user_email'])) {
header('Location: lib/logout.php');
} else { ?>
LOGIN FORM:
<?php if(isset($_SESSION['user_email'])) { ?>
<form id="signin" class="navbar-form navbar-right" role="form" action="lib/logout.php">
<button type="submit" name="submit" class="btn btn-primary">Sair</button>
</form>
<?php } else { ?>
<form id="signin" class="navbar-form navbar-right" role="form" action="lib/login.php" method="POST">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
<input id="email" type="email" class="form-control" name="email" value="" placeholder="Seu e-mail">
</div>
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
<input id="password" type="password" class="form-control" name="senha" value="" placeholder="Sua senha">
</div>
<button type="submit" name="submit" class="btn btn-primary">Entrar</button>
</form>
<?php } ?>
I don't see the session start call anywhere:
session_start();
Remember to start sessions at the very beginning of each of your scripts.