I've written code to make a login page, this worked fine. However when I implemented it into my modified bootstrap-template, it wouldn't work anymore.
edit: it will just not give any result, if I understand firebug correctly the submit button does work but the rest of it doesn't, (atleast, it gives me an output in the firebug console) it doesn't seem to send a username or password, and it does sertainly not redirect me to the page set in action=" "
Here is my code:
<div id="login" class="container" style="color:#f7f7f7; background-color:#222222">
<div class="row">
<div class="col-lg-12 text-center">
<h2 class="section-heading">Login</h2>
</div>
</div>
<div class="row text-center">
<div class="col-md-4 col-md-offset-4">
<form method="POST" action="passwordunhash.php">
<p> username: <input type="text" name="username" value="username"></p>
<p> password: <input type="password" name="password" value=""></p>
<p> <input type="submit" value="Inloggen"></p>
</form>
</div>
</div>
</div>
<?php
if (empty($_POST['username']) && empty($_POST['password']) ){
echo " ";
}
else {
$query = "SELECT rank FROM users WHERE username='$username'";
if (!$resultaat = mysql_query($query) ){
$boodschap .= "query \"$query \" mislukt";
// echo "Dit is de boodschap: ".$boodschap." einde boodschap ";
echo "username not found";
}
else {
$rij = mysql_fetch_array($resultaat);
$_SESSION['rank'] = $rij["rank"];
}
$query = "SELECT password FROM users WHERE username='$username'";
if (!$resultaat = mysql_query($query) ){
$boodschap .= "query \"$query \" mislukt";
// echo "Dit is de boodschap: ".$boodschap." einde boodschap ";
echo "username not found";
}
$rij = mysql_fetch_array($resultaat);
$hash = $rij["password"];
if (password_verify($password, $hash)){
$_SESSION['loggedin'] = true;
header("Location: /index.php");
exit();
}
else {
echo 'username or password is incorrect';
session_unset();
session_destroy();
}
}
?>
this is the part I think the problem should be in.
I tried various things, including using the bootstrap form functions and leaving the action blank.
Sorry for the dutch words in it.
This is also my first question on stackoverflow, so if I missed any critical info you might need, please tell me.
Related
The data is not storing in session everything is working fine the login system all things but the Data like username user pass and user Id should be saved in session but it's not I know it because if it was saving when you login successfully it should show welcome {username}.
Proceed to forums the main page but it is not showing username it was showing before but I got to problems and when all problems fixed this error came out.
Code:
<style>
<?php include 'signin.css'; ?>
</style>
<script type="text/javascript" src="signup.js"></script>
<?php
//signin.php
include 'connect.php';
include 'header.php';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can sign out if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form action="" method="post" >
<div class="all" >
<div class="container" >
<div class="first" >
<h2>SIGN IN</h2>
</div>
<div class="user" >
<input class="use" type="text" placeholder="Username" id="username" name="user_name" required>
</div>
<div class="userimg" >
<img src="user.png" style="height:2em;width:2em;" >
</div>
<div class="pass" >
<input type="password" placeholder="Password" id="password" name="user_pass" minlength="8" required >
<img src="lock.png" >
</div>
<div class="show">
<img src="visible.png" id="visible" class="visible" onclick="myFunction()">
<img src="invisible.png" id="invisible" class="invisible" onclick="mynot()" >
</div>
<div class="check" >
<input type="checkbox" required >
</div>
<div class="box" >
<p>I accept all <a href="#" >terms</a> and <a href="#" >privacy</a>.</p>
</div>
<div class="submit" >
<input type="submit" name="submit" onclick="submit()" value="Sign in">
</div>
<div class="close" >
<input type="button" value="Back" >
</div>
<div class="log" >
dont have an account? <a href="#" >Login</a>
</div>
<div class="organic" >
<img src="logo.png" class="organicpe" >
</div>
<div>
<h2 class="back" ><a href="#" >Go Back</a></h2>
</div>
</div>
</div>
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Verify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['user_name']))
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['user_pass']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
Users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysqli_query($conn,$sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysqli_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
while ($row = $result -> fetch_row())
session_start();
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
}
while ($row = mysqli_fetch_array($result)) {
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysqli_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
}
}
echo '<h3>Welcome, ' . $_SESSION['user_name'] . '. Proceed to the forum overview.</h1>';
}
}
}
}
}
include 'footer.php';
?>
You need to start every php file use session with
session_start();
i have a working login form that shows up via button click, i can log in but it doesnt show the errors
button that shows login form with the function(in a seperate file):
<button type="button" class="btn btn-lg btn-success" name="button" onclick="signin()" id="signin">Login</button>
function signin()
{
jQuery('#login-form').css("display","block");
jQuery('#reg-form').css("display","none");
jQuery('#signin').css("display","none");
jQuery('#signup').css("display","block");
}
the modal with php(included to the file where the button is):
<?php
$email = ((isset($_POST['Email']))?$_POST['Email']:'');
$password = ((isset($_POST['Password']))?$_POST['Password']:'');
$errors = array();
?>
<div class="" id="login-form" style="display:none">
<img class="Lpic" src="img/loginpic.png">
<br>
<div class="fieldtext">
<h2 class="text-center">Login</h2>
</div>
<br>
<div>
<?php
if($_POST)
{
//form validation
if(empty($_POST['Email']) || empty($_POST['Password']))
{
$errors[] = 'Please enter email and password';
}
//check if email exists
$query = $db->query("SELECT * FROM users WHERE Email = '$email'");
$user = mysqli_fetch_assoc($query);
$userCount = mysqli_num_rows($query);
if($userCount < 1)
{
$errors[] = 'Unknown email, pleas verify';
}
if(password_verify($password, $user['Password']))
{
$errors[] = 'Password doesn\'t match, try again';
}
if(!empty($errors))
{
echo display_errors($errors);
}else{
//log user in
$user_id = $user['ID'];
login($user_id);
}
}
?>
</div>
<form action="Login.php" method="post">
<div class="inputfield">
<div class="form-group">
<label for="Email">Email</label>
<input type="email" name="Email" id="Email" value="<?=$email;?>">
</div>
<div class="form-group">
<label for="Password">Password</label>
<input type="password" name="Password" id="Password" value="<?=$password;?>">
</div>
</div>
<div class="form-group">
<input type="submit" value="Login" class="btn btn-success btn-block">
</div>
</form>
</div>
PS: login() is a function that logs in the user, any suggestions on how to show the errors without using alert??? TIA
Well it’s definitely not the prettiest solution, but you can instead of using the display_errors() function render the form validation messages in html whenever the $errorsarray is not empty.
Something like this:
if(!empty($errors)) {
echo ‘<div id=“errors”>’;
foreach ($error in $errors) {
echo $error . “<br>”;
}
echo ‘</div>‘;
}
Sorry that i couldn’t comletely write the code, its hard to code on the phone...
I hope you get the idea.
try setting the following at the top of your php file
ini_set('display_errors', 1);
error_reporting(E_ALL);
hope this helps.
You might also want to look at this answer
I have a seperate navigator.php included on top of every page that I have for public.And it has a login form.If users have an account,they can login and be sent to the current page that they are at.
I pass the current URL adress to a hidden input as it's value.And post it to giris.php(login).Then redirecting the user with Header.
But when it comes to register.php(when no sessions were set);Im trying to login there and it still sends me back to the register.php.But SESSION is being set.Thats where I need an exception and want to send user to the index.php through register.php.
navigator.php
<div id="top">
<ul class="topnav" id="myTopnav">
<li>Anasayfa</li>
<li>İletişim</li>
<li>Hakkımızda</li>
<?php
if (isset($_SESSION["giris"]))
{
echo '<li>Panel</li>
<li>Çıkış Yap</li>';
}
else
{
$url= $_SERVER["REQUEST_URI"];
echo '<li>Kayıt Ol</li>
<li id="log">
<form method="post" action="giris.php"><div id="login">
<input type="hidden" name="location" value="'.$url.'">
<input type="text" name="username" placeholder="Kullanıcı Adı" class="loginField" required>
<input type="password" name="password" placeholder="Şifre" class="loginField" required>
<input type="submit" name="login" value="Giriş" id="logBut">
</form>
</li>';
}
?>
<li class="icon">
☰</li>
</ul>
</div>
<div id="banner">
<div id="title">
<h1>Topluluk Bloğu</h1>
<br/>
<h5>Community Blog</h5>
<br/>
<?php if(isset($_SESSION["giris"])){echo '<p id="username">Hoşgeldin '.$_SESSION["kullanici"].'</p>'; }?>
</div>
</div>
giris.php
<?php
session_start();
ob_start();
include 'func/constr.php';
if(isset($_POST["login"]))
{
$kullanici = $_POST['username'];
$password = $_POST['password'];
$URL = $_POST["location"];
$query = mysqli_query($connect,"SELECT * FROM kullanicilar where kullanici_adi='$kullanici' and sifre='$password'");
$count = mysqli_num_rows($query);
if ($count == 1)
{
$_SESSION["giris"] = true;
$_SESSION["kullanici"] = $kullanici;
$_SESSION["sifre"] = $password;
header("Location:$URL");
}
else
{
$invalid = "Kullanıcı adı ya da şifre yanlış";
$_SESSION["invalid"] = $invalid;
header("Location:index.php");
}
}
ob_end_flush();
?>
try this but not tested, if your other code is ok and redirect problem then
header("Location:$URL");
to
header('Location: ' . $URL);
I am trying to make a change password for users. But I cant manage to do it. Whatever I tried, it returns me the problem alert I wrote. Can anyone suggest anything? I am trying to fix it for hours.
The below is my form code;
<form action="change_s_pwd.php" method="POST" class='form-horizontal form-validate' id="bb">
<div class="control-group">
Kullanıcı Adı :
<div class="controls">
<input type="text" name="user" placeholder="Your Login ID" data-rule-required="true" data-rule-minlength="4"/>
</p>
</div>
<div class="control-group">
<p>Secure ID : </p>
<div class="controls">
<input type="text" name="sec_id" class="input-xlarge" placeholder="Your Secure ID" data-rule-required="true" data-rule-minlength="6"></div>
</div>
<div class="control-group">
Password :
<div class="controls">
<input type="password" name="pass" id="pass" class="input-xlarge" data-rule-required="true" data-rule-minlength="6" placeholder="Your new passowrd">
</div>
</div>
<div class="control-group">
Confirm password :
<div class="controls">
<input type="password" name="confirmfield" id="confirmfield" class="input-xlarge" data-rule-equalto="#pass" data-rule-required="true" data-rule-minlength="6" placeholder="Confirm Your new passowrd">
</div>
</div>
<div class="control-group">
<div class="controls"></div>
</div>
</div> <div class="form-actions">
<input type="submit" class="btn btn-primary" value="Submit">
<button type="button" class="btn">Cancel</button>
</div>
</form>
And the below is the submit code;
<?php
include 'index.php';
include '../include/db_conn.php';
if (isset($_POST['sec_id']) && isset($_POST['pass']) && isset($_SESSION['user_data'])) {
$sec_id = rtrim($_POST['sec_id']);
$pass = rtrim($_POST['pass']);
$user_id_auth = $_SESSION['user_data'];
$sql = "SELECT * FROM login_auth WHERE sec_id='$sec_id'";
$result = mysqli_query($con, $sql);
$count = mysqli_num_rows($result);
if ($count == 1) {
mysqli_query($con, "UPDATE login SET pass='$pass' WHERE user='$user_id_auth'");
echo "<html><head><script>alert(Password Changed Succesfully ');</script></head></html>";
echo "<meta http-equiv='refresh' content='0; url=index.php'>";
} else {
echo "<html><head><script>alert('There has been a problem while changing password');</script></head></html>";
echo "<meta http-equiv='refresh' content='0; url=index.php'>";
}
} else {
echo "<html><head><script>alert('There has been a problem while changing password');</script></head></html>";
echo "<meta http-equiv='refresh' content='0; url=index.php'>";
}
?>
<center>
<img src="loading.gif">
</center>
I will be so glad if you guys can help me. Thanks in advance
you are making the check on the $count variable in which it contains the number of rows that returns from the $result (result set)and it maybe equal to 0 if the mysqli_query function return no result (empty query result ...) so you must check first the result set ($result) then get the $count ... in this case you will be sure if the mysqli_query returns a result or not .. like the below code ... :
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = "SELECT * FROM login_auth WHERE sec_id='$sec_id'";
if ($result=mysqli_query($con,$sql))
{
// Return the number of rows in result set
$rowcount=mysqli_num_rows($result);
printf("Result set has %d rows.\n",$rowcount);
// Free result set
mysqli_free_result($result);
}
mysqli_close($con);
also do not write html code as a string with php ... this will lead to many errors and it will be hard for you to debug the problem ... use the header function in php or the redirect to redirect to the page you want in the case you want ...
I want to use one div at a time using an echo and $_SESSION. When I put this on the web it only shows $form. Can you see if I'm doing anything wrong?
$signedIn ='<h3 id="throughHeader"> Account options</h3><br/>
<p id="throughP"> <a href="convenientaccountinfo.php> Account Info </a></p><br/>
<p id="throughP"><a href="convenientaddaddress.php> Add Address </a></p><br/>
<p id="throughP"> <a href="convenientaddcreditcard.php> Add C. Card </a></p><br/>
<p id="throughP"> <a href="convenientsignout.php> Sign Out </a></p>';
$form='<form id="signInForm" method="POST" action=""><h3 id="formHeader">Sign Into Account</h3><br/>
<p id="pRegister"><a id="register" href="convenientregisterpage.php"> Register </a></p><br/>
<label>Email Addr:</label><input type="text" name="userEmail" id="email" size="15"/><br/>
<label>Password:</label><input type="password" name="password" id="password" size="15"/><br/>
<input type="submit" value="Sign In" id="formSubmit" name="submit"/> </form>';
$username = $_SESSION['userEmail'];
if(!$username){
$signedInForm="$form";
}
else{
$signedInForm="$signedIn";
}
}
This is the form POST with validating until it sets the $_SESSION. Thanks for looking at it again.
$email=$_POST['userEmail'];
$password=$_POST['password'];
if(isset($_POST['submit'])){
if(empty($email) || empty($password)){
$msg_to_user3="Fill in both fields";
}
else{
$results=mysql_query("SELECT * FROM register WHERE userEmail='$email'");
if (mysql_num_rows($results)==0)
$msg_to_user3 ="No such User";
else
{
while ($login_row = mysql_fetch_assoc($results))
{
$password_db = $login_row['password'];
if ($password!=$password_db){
$msg_to_user3 ="Password doesn't match";
}
if ($password_db!=$password){
$msg_to_user2="<a id='forgetpassword' href='convenientforgotpassword.php'>Forget Password</a>";
}
else
{
$active = $login_row['active'];
$userEmail = $login_row['userEmail'];
if ($active==0){
$msg_to_user3= "Activate account at ($userEmail) </p>";
}
else
{
$_SESSION['userEmail']=$username;//assign session
}
}
}
}
}
}
<html>
<body>
<div id="formSignIn">
<?php echo $signedInForm ;?>
</div>
</body>
</htmo>
Ok, I got the $_SESSION working which switched in between the $form and $signedIn variables. And as far as two only showing with the p s I took the ids off and in the a href the quotes weren't closed so it didn't shut each link. Thanks for all your help!!