What is wrong with my PHP session variables? - php

I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpMyAdmin with Apache on localhost.
I cannot seem to figure out the problem. I have the row made in phpMyAdmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying my best to figure it out. Any solutions or additional help would be great! Thank you!
login:
<?php
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
</html>
webpage:
<?php
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Location: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></p>
</body>
</html>

<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>
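An added example, not from the original posts: the same login lookup written with a bound parameter, named columns instead of numeric indexes, and password_verify() against a stored hash. It uses PDO with an in-memory SQLite database and a constructed user so it runs stand-alone; the table layout follows the question's query, and the function name, sample data and use of PDO are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the user's row (without the hash) or null.
function find_active_user(PDO $db, string $username, string $password): ?array
{
    // The placeholder keeps the username as data; it is never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT id, username, password, nickname
           FROM users WHERE username = :u AND activated = 1 LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // named columns, so no index to miscount

    // The password column holds a password_hash() value, not the plain password.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                 // the hash has no business in the session
    return $row;
}

// Constructed demo data (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, nickname TEXT, activated INTEGER)');
$ins = $db->prepare('INSERT INTO users (username, password, nickname, activated)
                     VALUES (?, ?, ?, 1)');
// A username containing a quote character is stored and matched as plain data.
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 'Obie']);

$user = find_active_user($db, "o'brien", 'correct horse');
if ($user !== null) {
    // On the real login page, at this point:
    //   session_start(); session_regenerate_id(true);
    //   $_SESSION['id'] = $user['id']; $_SESSION['nickname'] = $user['nickname'];
    echo "Hello {$user['nickname']}\n";
}
// A wrong password yields null rather than a row.
var_dump(find_active_user($db, "o'brien", 'wrong') === null);
```

With mysqli the equivalent calls are mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute().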

Related

PHP basic login script won't login

My PHP and MySQL knowledge is very little. I am trying to create a very basic login script however when I attempt to submit the credentials, I am faced with an error message that says "this page isn't working, localhost is unable to handle this request.".
Here is my signin.php script
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
$query = mysqli_query($sql);
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
?>
and this is my html
<!DOCTYPE html>
<html>
<head>
<title>Murdoch Study Assist</title>
<link rel="stylesheet" type="text/css" href="style.css">
<link href="https://fonts.googleapis.com/css?family=Baloo+Chettan" rel="stylesheet">
</head>
<body>
<div id="login">
<form method="post" action="signin.php">
<b>Login</b><br>
<br>
<input type="text" name="username" class="input" placeholder="Username"><br><br>
<input type="password" name="password" class="input" placeholder="Password"><br><br>
<input type="submit" name="submit" value="Sign In" class="sub"><input type="reset" name="reset" value="Clear" class="res"><br><br><hr><br>
<h3>Not a member?</h3>
<button>Sign Up</button>
</form>
</div>
</body>
</html>
You didn't close the if-statement below:
if (isset($_POST['username']) and isset($_POST['password'])){
}//add this in the end
Try this:
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
$query = mysqli_query($sql);
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
}// add this tag
?>

No error messages but my login is not working

This is the checklogin.php page. The whole idea is that based on your status (1 or 0) the program should guide you to the right page (red_form or yellow_form). At the moment this code will let me log in no matter who I am (not in the database), or it will let me log in as a person from the database but won't guide me correctly. What am I doing wrong?
<?php
require_once "connection.php";
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM information WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($connection, $sql);
if($result){
echo "Yippii";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
if($rowcount > 0){
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
} else {
header('Location: yellow_form.php');
}
}
}
?>
</body>
</html>
You have given the "else" condition in the wrong place. Your login is working fine. You can follow this code:
<?php
include("connection.php");
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM chklogin WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($conn, $sql);
if($result){
echo "Yippie";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
echo ($rowcount);
if($rowcount > 0)
{
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
}
}
else
{
header('Location: yellow_form.php');
}
}
?>
<form method="post" action="">
<input type="text" name="username" placeholder="enter name"><br><br>
<input type="text" name="password" placeholder="enter password"><br><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

how to stop the back button after the user press logout

login.php
I just want to make sure that after the user logs out and presses the back button, he is still logged out. In the current state of my project, after the user logs out and presses the back button, he goes back to the last page and is still logged in.
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=MS932">
<title>Login Page</title>
<link rel ="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id ="frm">
<form action="process.php" method="post" >
<p>
<label>Username:</label>
<input type="text" id="email" name="user" required/>
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass" required/>
</p>
<p>
<input type="submit" id="btn" value="Login"/>
</p>
</form>
</div>
</body>
process.php
<?php
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
logout.php
<?php
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>
Initialize a session variable on user login and destroy it on logout. Every time you go to index.php, you check if that session variable exists or there is a successful login.
http://php.net/manual/en/ref.session.php
process.php
<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
$_SESSION['un'] = $username;
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
index.php
<?php
session_start();
if(!isset($_SESSION['un'])){
header("location:login.php");
exit; // stop here, otherwise the rest of the page still runs after the redirect header
}
...
?>

Login & Register System

I have a little problem with my Login & Register System but I don't know where the problem is. When I press "Login" or "Register", the next page is white. I see only my message: "Try again!". I made 3 PHP files:
1) index.php
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="logreg.php" metodh="post" accept-charset="utf-8">
<label>Username:</label><input type="text" name="username" placeholder="Username">
<br>
<label>Password:</label><input type="password" name="password" placeholder="Password">
<br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
</html>
I think the problem is in the next file:
2) logreg.php
<?php
$servername = "localhost";
$username = "alex";
$password = "calamar28";
$database = "register/login";
$conn = mysqli_connect($servername, $username, $password, $database );
if(!$conn){
die("Connection failde:".mysqli_connect_error());
}
if(isset($_POST["login"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
header("Location: personal.php");
}
else
{
echo "Username or password is incorrect!";
}
}
else if(isset($_POST["register"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$pass')";
$result = mysqli_query($conn, $sql);
}
else
{
echo "Try again!";
}
?>
3) personal.php
<?php
if(isset($_POST["login"])){
echo "Welcome to you personal area !";
echo 'Your proiect';
}
else
{
echo "You are not logged in!";
}
?>
You will also need to set some session variables to carry through onto the personal.php page... This will help determine if the user has logged in successfully or not as the original posted data won't be transferred through when you redirect to this page... You'll want your logreg.php to be the following:
<?php
if (!isset($_SESSION)) {session_start();}
$servername = "localhost";
$username = "alex";
$password = "calamar28";
$database = "register/login";
$conn = mysqli_connect($servername, $username, $password, $database );
if(!$conn){
die("Connection failde:".mysqli_connect_error());
}
if(isset($_POST["login"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
$_SESSION['loggedIn'] = 1;
header("Location: personal.php");
}
else
{
echo "Username or password is incorrect!";
}
}
else if(isset($_POST["register"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$pass')";
$result = mysqli_query($conn, $sql);
}
else
{
echo "Try again!";
}
?>
And then your personal.php page will change to the following:
<?php
if (!isset($_SESSION)) {session_start();}
if(isset($_SESSION["loggedIn"]) && ($_SESSION["loggedIn"] == 1) ){
echo "Welcome to you personal area !";
echo 'Your proiect';
}
else
{
echo "You are not logged in!";
}
?>
The Default Method for HTML Forms is GET. And in your HTML Code you wrote metodh instead of method. This would be ignored and then your method would automatically default to GET. Other than this, your PHP Code is fine.
Change your HTML Code to look something like below and everything should work fine as expected:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="logreg.php" method="post" accept-charset="utf-8">
<label>Username:</label><input type="text" name="username" placeholder="Username">
<br>
<label>Password:</label><input type="password" name="password" placeholder="Password">
<br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
</html>

PHP update rows in table

Hello, I am having an issue here. I created a script to update users' account details, but when the form is filled in and the submit button is clicked, no errors come up, and at the same time no changes are made in the table.
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEPT BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
Sorry, for some reason I forgot to copy this part (faceslap)
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir, from the code given above I think you have an error in your login.php:
$_SESSION['user_id'] = $user_id;
You are not assigning a value to $user_id; that's why it is setting a blank value in $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
