I have a sign up function on a script and I've copied it over to a new project and changed the variables - form inputs, table/database names etc. and the script won't do anything.
Signup.php
<form class="form" action="register.php" method="POST" enctype="application/x-www-form-urlencoded">
<input type="text" value="" placeholder="Username" id="username" name="username" />
<input type="text" value="" placeholder="Email" id="Email" name="Email" />
<input type="password" value="" placeholder="Password" id="password" name="password" />
<input type="submit" id="signin" name="submit" />
</form>
Register.php
<?php
include('connectivity.php');
if (mysqli_connect_errno())
{
echo "Failed to connect to mysqli: " . mysqli_connect_error();
}
else
{
}
function newUser()
{
include ('connectivity.php');
$username = $_POST['username'];
$username_escaped = mysqli_real_escape_string ($db, $username);
$email = $_POST['email'];
$email_escaped = mysqli_real_escape_string ($db, $email);
$password = sha1($_POST['password']);
$password_escaped = mysqli_real_escape_string ($db, $password);
$query = "INSERT INTO users (username, email, password) VALUES ('$username_escaped', $email_escaped', '$password_escaped')";
include('connectivity.php');
$data = mysqli_query ($db, $query)or die(mysqli_error($db));
if($data)
{
}
}
function SignUp()
{
if(!empty($_POST['email']))
{
include('connectivity.php');
$query = mysqli_query ($db, "SELECT * FROM users WHERE email = '$_POST[email]'")
or die(mysqli_error());
if(!$row = mysqli_fetch_array($query))
{
newUser();
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('User Registration Successful')
window.location.href='login.php';
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('You are already a registered user!')
window.location.href='homepage.html';
</SCRIPT>");
}
}
}
if(isset($_POST['submit']))
{
SignUp();
}
?>
The form when submitted just goes to the blank php page (register.php) - no window alert messages pop up and no redirection occurs.
This script works perfectly on my other form, can anybody see why it doesn't work on this form?
Cheers for reading!
$_post['email'] Doesnt exists because you have set the name attribute to "Email"
Edit:
I forgot to mention the essence of my answer. the name and $_POST are case sensitive, so "email" != "Email"
try this:
$query = mysqli_query ($db, "SELECT * FROM users WHERE email = '$email'") or die(mysqli_error($db));
Related
The PHP script supposed to receive two variables : username and password but it doesn't do that and it always "echo" : "missing input".
I tried to echo the two variables but nothing was echoed, which i think means that they are not initialized.
This is the script:
require_once ('connect.php');
$username= $_POST['username'];
$password= $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!empty($username) && !empty($password)) {
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if(mysqli_query($con,$query)) {
echo "Welcome";
mysqli_close($con);
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
else {
echo "missing input";
}
I tried sending the post data using Postman and via HTML page but both returned the same thing: "missing input"
This is the HTML i used
<form action="mlog.php" method="post">
<input type="textbox" name="username" value="username" />
<input type="textbox" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
its <input type="text">
<form action="mlog.php" method="post">
<input type="text" name="username" value="username" />
<input type="text" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
Check if the login button was clicked, then check if the username and password are not empty then assign the vars to them if not.
<?php
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username= $_POST['username'];
$password= $_POST['password'];
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if($r) {
echo "Welcome";
//redirect
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
?>
I'm wondering if and how I could check if a username is being used.
I heard you can do this with jQuery but i just want something simple since I'm a beginner.
I have tried it but i can't seam to get it right. I just have it connected to a mysql database but since when a username with the same password as another account tries to logon, theres an issue, so i need this to stop people adding multiple usernames.
Here is my simple code for the registration form and the php
<form action="" method="POST">
<p><label>name : </label>
<input id="password" type="text" name="name" placeholder="name" /></p>
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>E-Mail : </label>
<input id="password" type="email" name="email"/></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
</form>
</div>
<?php
require('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$name = $_POST['name'];
$query = "INSERT INTO `user` (username, password, email, name) VALUES ('$username', '$password', '$email', '$name')";
$result = mysql_query($query);
if($result){
}
}
?>
For starters you don't want to just rely on something like unique field for doing this, of course you will want to add that attribute to your username column within your database but above that you want to have some sort of frontal protection above it and not rely on your database throwing an error upon INSERT INTO, you're also going to want to be using mysqli for all of this and not the old version, mysql. It's vulnerable to exploitation and no longer in common practice, here's what each of your files should look like:
connect.php
<?php
$conn = mysqli_connect("localhost","username","password","database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
register.php
<form action="insertuser.php" method="POST">
Username:
<input type="text" name="username" placeholder="Username" />
<br />
Password:
<input type="password" name="password" placeholder="Password" />
<br />
Name:
<input type="text" name="name" placeholder="Name" />
<br />
Email address:
<input type="text" name="email" placeholder="Email address" />
<br /><br />
<input type="submit" value="Register" />
</form>
<?php
// If there's an error
if (isset($_GET['error'])) {
$error = $_GET['error'];
if ($error == "usernametaken") {
echo "<h4>That username is taken!</h4>";
} elseif ($error == "inserterror") {
echo "<h4>Some kind of error occured with the insert!</h4>";
} else {
echo "<h4>An error occured!</h4>";
}
echo "<br />";
}
?>
Already have an account? Login here
insertuser.php
<?php
// Stop header errors
ob_start();
// Check if form has been posted
if (isset($_POST['username'])){
// Requre database connection file
require('connect.php');
// Clean the variables preventing SQL Injection attack
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
// Check if the username exists
// Construct SELECT query to do this
$sql = "SELECT id FROM user WHERE username = '".$username."';";
$result = mysqli_query($conn, $sql);
$rowsreturned = mysqli_num_rows($result);
// If the username already exists
if ($rowsreturned != 0) {
echo "Username exists, redirecting to register.php with an error GET variable!";
// Redirect user
header('Location: register.php?error=usernametaken');
} else {
// Construct the INSERT INTO query
$sql = "INSERT INTO user (username, password, email, name) VALUES ('".$username."', '".$password."', '".$email."', '".$username."');";
$result = mysqli_query($conn, $sql);
if($result){
// User was inserted
echo "User inserted!";
/* DO WHATEVER YOU WANT TO DO HERE */
} else {
// There was an error inserting
echo "Error inserting, redirecting to register.php with an error GET variable!";
// Redirect user
header('Location: register.php?error=inserterror');
}
}
}
?>
Good luck with whatever you're working on and I hope this helps!
James
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$name = $_POST['name'];
$query = "select username from user where username = '$username'";
$res = mysql_query($query);
$rows = mysqli_num_rows($res);
if ($rows > 0) {
print 'Username already exists...';
} else {
$query = "INSERT INTO `user` (username, password, email, name) VALUES ('$username', '$password', '$email', '$name')";
$result = mysql_query($query);
if($result){
}
}
}
Here is another example :) , succes.
<?php
//Set empty variables.
$usernameError = $emailError = $passwordError = $nameError = $okmsg = "";
$username = $password = $email = $name = "";
if (isset($_POST['submit'])) {
//Check if empty labels form
if (empty($_POST['name'])) {
$userError = "The 'name' is required.";
echo '<script>window.location="#registrer"</script>';
} else { $name = $_POST['name']; }
if (empty($_POST['email'])) {
$emailError = "El 'Email' es requerido.";
echo '<script>window.location="#registrer"</script>';
} else {
$email = $_POST['email'];
//Check only contain letters and whitespace.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailError = "El 'Email' is not valid. ";
echo '<script>window.location="#registrer"</script>';
}
}
if (empty($_POST['password'])) {
$passwordError = "The 'password' is requiered.";
echo '<script>window.location="#registrer"</script>';
} else {
$password = $_POST['password'];
}
}
//Check if correctly filled
if ($name && $username && $email && $password) {
require('connect.php');
//Query SQL
$sql = "SELECT * FROM user WHERE username='$username'"; //String SQL
$query = mysqli_query($ConDB, $sql);//Query
//Securite
$username = mysqli_real_escape_string($ConDB, $username);
$password = mysqli_real_escape_string($ConDB, $username);
$passw = sha1($password);//For securite.
$name = mysqli_real_escape_string($ConDB, $username);
$email = mysqli_real_escape_string($ConDB, $username);
if ($existe = mysqli_fetch_object($query)) {
$usernameError = "The 'Username' is already exists.";
echo '<script>window.location="#registrer"</script>';
} else {
$sql = "INSERT INTO user (username, password, email, name) VALUES ('$username', '$passw', '$email', '$name')";
mysqli_query($ConDB, $sql);
$okmsg = "Register with succes.";
mysqli_close($ConDB);//Close conexion.
echo '<script>window.location="#registrer"</script>';
}
}
?>
<a name="registrer"></a>
<form action="" method="POST">
<p><label>name : </label>
<input id="password" type="text" name="name" placeholder="name" /></p>
<?php echo $nameError; ?>
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<?php echo $usernameError; ?>
<p><label>E-Mail : </label>
<input id="password" type="email" name="email"/></p>
<?php echo $emailError; ?>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<?php echo $passwordError; ?>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
<?php echo $okmsg; ?>
</form>
--
-- DATA BASE: `user`
--
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
CREATE TABLE user (
id int(11) unsigned not null auto_increment primary key,
name varchar(50) not null,
email varchar(80) not null unique,
username varchar(30) not null unique,
password varchar(40) not null
)engine=InnoDB default charset=utf8 collate=utf8_general_ci;
You can try use jQuery AJAX for what you want.
First, add this to your registration.php file
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script>
// when user submit the form
$('form').on('submit', function(event){
$.ajax({
url: "check_username.php",
type: "POST",
dataType: "JSON",
data: {
username: $("#username").val() // get the value from username textbox
},
success: function(data){
if(data.status == "exists"){
alert('Username already existed');
}
else{
$('form').submit();
}
},
});
event.preventDefault();
});
</script>
So now your registration.php file will look like this
registration.php
<form action="" method="POST">
<p>
<label>name : </label>
<input id="password" type="text" name="name" placeholder="name" />
</p>
<p>
<label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" />
</p>
<p>
<label>E-Mail : </label>
<input id="password" type="email" name="email"/>
</p>
<p>
<label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" />
</p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script>
// when user typing in 'username' textbox
$('form').on('submit', function(event){
$.ajax({
url: "check_username.php",
type: "POST",
dataType: "JSON",
data: {
username: $("#username").val() // get the value from username textbox
},
success: function(data){
if(data.status == "exists"){
alert('Username already existed');
}
else{
$('form').submit();
}
},
});
event.preventDefault();
});
</script>
Then create php file named check_username.php to check the username submitted by user if it is already existed in database or still available.
check_username.php
<?php
// Check if 'username' textbox is not empty
if(!empty($_POST['username'])){
$username = trim(mysqli_real_escape_string($_POST['username']));
// Check the database if the username exists
$query = "SELECT username FROM `user` WHERE username = '".$username."'";
$result = mysqli_query($query);
if(mysqli_num_rows($result) > 0){
// if username already exist
// insert into array, to be sent to registration.php later
$response['status'] = 'exists';
}
else{
// if username available
$response['status'] = 'available';
}
}
header('Content-type: application/json');
echo json_encode($response);
exit;
?>
Here is how it works:
1. When user click the register button, jQuery will call check_username.php.
2. Now in check_username.php it will check the database if the username submitted already exists or still available.
3. Whatever the result either exists or available, check_username.php will send the result back to registration.php as string contains 'exists' or 'available'.
4. registration.php now get the result and will check the result sent by check_username.php if it contain 'exists' or 'available'. If the string is 'exists' then alert will be triggered. If the string is 'available', the form will be submitted.
HTML
<form type="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
PHP
<?php
require_once 'config.php';
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
I tried switching from MySQL to MySQLi and I'm sure it's related to this. My form is not passing values to the PHP script even if the inputs have a name. Did some research here on StackOverflow and found many questions about forms not passing data but there was usually a typo or a missing name, which is not my case (I think).
(I know that the password is not secured yet, I'll add a SHA256 or something there soon so don't stress about it)
Tried echoing the query and it's just blank where the password and email address should be.
SELECT * FROM `users` WHERE password = '' AND email = ''
I also get this warning:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4
Line 4 in my script is:
$email = mysqli_real_escape_string($_POST['password']);
make change to Your form tag
<form type="POST">
to
<form method="POST">
Change form type="post" to method="post"
Add database connection string to your mysqli_real_escape_string function.
According to the Documentation http://php.net/manual/de/mysqli.real-escape-string.php
you must provide the mysqli ressource as first parameter of the function.
You should use method instead of type in your <form> tag, like this:
<form method="POST" action="includes/login.php">
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login" name="submit">
</form>
<?php
require_once 'config.php';
if(isset($_POST['submit'])) {
if(!empty($_POST[email]))
{
$email = mysqli_real_escape_string($link,$_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(!empty($_POST['password']))
{
$password = mysqli_real_escape_string($link,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(!empty($_POST['email']) && !empty($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION['login'] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}}
?>
set 'method' not type
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
don't forget to connect to your db and pass the that connection to your mysqli_query and mysqli_real_escape_string functions
<?php
require_once 'config.php';
$con=mysqli_connect("localhost","my_user","my_password","my_db");
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($con, $_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($con,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
As from Docs, the first parameter must be mysqli resource and its missing within your code, and also change
<form type="POST">
into
<form method="post">
So your code looks like
mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
I'm trying to make a simple register and login form.
I want to use SHA1 to save the encrypted password in database.
But when I try to login with the password, it seems it does not work.
There are three files - index.php, register.php ,login.php
Please help me to solve this problem.
//index.php
<form action="register.php" method="post" enctype="multipart/form-data">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Register</button>
</form>
<form action="login.php" method="post">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Login</button>
</form>
//register.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$regist_day=date('d-m-Y (H:i)');
if (!empty($email) && !empty($password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "INSERT INTO member(email,password,regist_day)";
$sql .= "VALUES ('$email',SHA1('$password'),'$regist_day')";
mysqli_query($dbc,$sql);
echo("
<script>
location.href='try.php'
</script>
") ;
}
else{
echo "You need to enter Email and Password";
}
?>
//login.php
<?php
$user_email = $_POST['email'];
$user_password = SHA1($_POST['password']);
if (!empty($user_email) && !empty($user_password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "SELECT * FROM member WHERE email = '$user_email'";
$result = mysqli_query($dbc,$sql);
$num_match = mysqli_num_rows($result);
if (!$num_match) {
echo "No result";
}
else{
$sql = "SELECT * FROM member WHERE password = '$user_password' ";
$result = mysqli_query($dbc,$sql);
$password_match = mysqli_num_rows($result);
if (!$password_match) {
echo "SHA1 does not work";
exit;
}
else{
echo"success";
}
}
}
else{
echo "You need to enter both Email and Password";
}
?>
Here is the code for my entire index page, which includes a register and a login. For some reason, the register part works fine, and it is inserting correctly. Yet, the login part is not working, as whenever I call the $queryrun(mysql_query($query)) on the SELECT * FROM, it does not work.
<?php
require('includes/dbconnect.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$logemail = $_POST['logemail'];
$logpassword = $_POST['logpassword'];
$logpassword = md5($logpassword);
// Register Script
if (isset($firstname) && !empty($firstname) && !empty($lastname) && !empty($email) && !empty($password)) {
$query = "INSERT INTO users VALUES('', '$firstname', '$lastname', '$email', '', 'm', '9', '$password', 'bio'";
$queryrun = mysql_query($query);
} else {
echo 'Please fill out all of the form fields';
}
// Login Script
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$queryrun = mysql_query($query);
while ($row = mysql_fetch_assoc($queryrun)) {
$logemail = $row['logemail'];
}
echo $logemail;
$numrows = mysql_num_rows($query);
if ($numrows > 0){
echo 'User exists';
} else {
echo 'User does not exist';
}
} else {
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form action="index.php" method="POST">
Firstname: <input type="text" name="firstname" /><br />
Lastname: <input type="text" name="lastname" /><Br />
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Submit" />
</form>
<br /><hr />
<br />
Login:<br />
<form action="index.php" method="POST">
Email:<input type="text" name="logemail" /><br />
Password: <input type="password" name="logpassword" /><br />
<input type="submit" value="Log in" /><br />
</form>
</body>
</html>
The connection to the database is fine because the register part code works, it's just the login code is returning nothing and saying that the user does note exist, when the user actually does exist
Your form field is $logemail while your mysql statement uses $email.
To get this working looks like you want:
$query = "SELECT * FROM users WHERE email = '$logemail' AND password = '$logpassword'";
But as John Conde mentions there are significant security issues.
What version of PHP are you using? This extension is deprecated as of PHP 5.5.0, you really should be using mysqli or PDO.
also
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
you are checking for $logemail and $logpassword but putting $email and $password in the query string... also use {} in your strings for php variables. it helps keep string concatenation from getting confusing and you can use associated arrays in the string
echo "This is my string and this is the number {$number}. this is the value in my array: {$arrayvar["something"]}.";