I have trouble with these codes:
password.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="no1" placeholder="enter your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
Here is password2.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="name" placeholder="verify your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
And here is check.php:
<?php
$enter = $_POST['no1'];
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
The troubles I have are:
check.php doesn't recognise "name" from password2.php
And I can't verify the password
Because $_POST variable is not persistent between requests it would not work. You can store the value from first form in the $_SESSION variable and retrieve it from session.
More info about php sessions here
Leave everything as it is in your question except check.php, here is the modified one:
<?php
//starting the session in PHP
session_start();
$enter = null;
// this is all the logic you need for retrieving `no1` from POST or SESSION
if (isset($_POST['no1'])){
$enter = $_POST['no1'];
$_SESSION['no1'] = $enter;
}elseif(isset($_SESSION['no1'])){
$enter = $_SESSION['no1'];
}
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
// you can comment the next line if you are debugging,
// but after that you should destroy de session so you don't have a password as plain text
session_destroy();
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
Related
i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?
I am having this code in my index.html page
<html>
<head>
<title>Login</title>
</head>
<body>
<h2>Admin Panel</h2>
<FORM NAME ="form1" METHOD ="POST" ACTION = "login.php">
<INPUT TYPE = "TEXT" name="username">
<INPUT TYPE = "PASSWORD" name="password">
<INPUT TYPE = "Submit" NAME = "Submit1" VALUE = "Login">
</FORM>
</body>
</html>
and this code in my login.php file
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
$adminUsername = "dushyant30suthar";
$adminPassword = "12345";
$enteredUsername = $_POST['username'];
$enteredPassword = $_POST['password'];
print ($enteredPassword);
if($enteredUsername == $adminUsername && $enteredPassword == $adminPassword)
{
print("Logged in");
print ($username);
}
else
{
print("Login Failed");
print ($enteredUsername);
print ($enteredPassword);
print ($adminUsername);
print ($adminPassword);
}
?>
</body>
</html>
when I am trying to print the value i have got from index.html it is not showing any data but the values i have fixed in login.php are being shown.
Your code for the login is working properly from what i'm testing, but you still have an error into login.php:
if($enteredUsername == $adminUsername && $enteredPassword == $adminPassword)
{
print("Logged in");
print ($username);
}
In the code you showed us $username isn't defined, you might want to change it to :
if($enteredUsername == $adminUsername && $enteredPassword == $adminPassword)
{
print("Logged in");
print ($enteredUsername);
}
Here is the code for index.html:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h2>Admin Panel</h2>
<form name="form1" method="post" action="login.php">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit1" value="login">
</form>
</body>
</html>
Use this code for the login.php file and it's working:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
$adminUsername = "dushyant30suthar";
$adminPassword = "12345";
if (isset($_POST['submit1'])) {
$enteredUsername = $_POST['username'];
$enteredPassword = $_POST['password'];
print ($enteredPassword);
if($enteredUsername == $adminUsername && $enteredPassword == $adminPassword)
{
print("Logged in");
print ($enteredUsername);
}
else
{
print("Login Failed");
print ($enteredUsername);
print ($enteredPassword);
print ($adminUsername);
print ($adminPassword);
}
}
?>
</body>
</html>
I've added a check if has been submitted the form which is necessary:
if (isset($_POST['submit1'])) {
And fixed: $username is not defined, I changed it with $enteredUsername.
I have a problem with my login script. The problem is, that the login scipt is supposed to check if the password and name is correct. If they are, then a site with informations should open.
The site does open, but the problem is, that no matter what password or name I type the page that is supposed to need correct password and a correct name opens.
And I can't find any errors in my script. Maybe you can help? Here are the scripts:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta charset="UTF-8" />
<style type="text/css">
.fehler { color: red; }
</style>
</head>
<body>
<?php
if (isset($_GET["f"]) && $_GET["f"] == 1) {
echo "<p class='fehler'>Login-Daten nicht korrekt</p>";
}
?>
<form method="post" action="new 2.php">
Your name, m'lady: <br />
<input type="text" name="name" size="20" />
<br />
Your password, m'lady: <br />
<input type="password" name="passwort" size="20" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
new 2.php script:
<?php
session_start();
$host = htmlspecialchars($_SERVER["HTTP_HOST"]);
$uri = rtrim(dirname(htmlspecialchars($_SERVER["PHP_SELF"])), "/\\");
if (isset($_POST["name"]) && $_POST["name"] == "M'lady" && $_POST["passwort"] == "lol") {
$_SESSION["name"] = "M'lady";
$_SESSION["login"] = "ok";
$extra = "website.php";
}
else {
$extra = "lol23.php?f-1";
}
header("Location: http://localhost/canttellyouthat/website.php");
?>
website script:
<?php
session_start();
if (isset($_SESSION["login"]) && $_SESSION["login"] == "ok") {
?>
<!DOCTYPE html>
<html>
<head>
<title>Geschützter Bereich</title>
<meta charset="UTF-8" />
</head>
<body>
<?php
echo "<h1>Hi {$_SESSION['name']}</h1>";
?>
<p><font color="FF0000"><font size="7">Wichtige Informationen</font></p>
<p><a href="http://localhost/canttellyouthat/sorrydudes">Datenbank</p>
<p><a href="lol23.php"><font size="7">Ausloggen</font></p>
</body>
</html>
<?php
} else {
$host = htmlspecialchars($_SERVER["HTTP_POST"]);
$uri = rtrim(dirname(htmlspecialchars(["PHP_SELF"])), "/\\");
$extra = "lol23.php";
header("Location: http://localhost/lol23.php");
}
?>
As pointed in the comments, you are using location without any if condition. Try change your code new2.php to:
<?php
session_start();
$host = htmlspecialchars($_SERVER["HTTP_HOST"]);
$uri = rtrim(dirname(htmlspecialchars($_SERVER["PHP_SELF"])), "/\\");
if (isset($_POST["name"]) && $_POST["name"] == "M'lady" && $_POST["passwort"] == "lol") {
$_SESSION["name"] = "M'lady";
$_SESSION["login"] = "ok";
header("Location: http://localhost/canttellyouthat/website.php");
}
else {
header("Location: http://localhost/canttellyouthat/lol23.php?f-1");
}
?>
I tried using Securimage but it the form always post to another page even if I enter wrong captcha. How to validate the captcha first then only submit the form to the posted page? The form keeps redirecting me to the posted page eventhoguht the capcha is not validated. Please advice.
<?php session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<form action = "login.php" method = "post">
<p>
<label for="ct_name">Name*:</label>
<?php echo #$_SESSION['ctform']['name_error'] ?>
<input type="text" name="ct_name" size="35" value="<?php echo htmlspecialchars(#$_SESSION['ctform']['ct_name']) ?>" />
</p>
<p>
<?php
// show captcha HTML using Securimage::getCaptchaHtml()
include_once 'genius_gadget/../securimage/securimage.php';
$options = array();
$options['input_name'] = 'ct_captcha'; // change name of input element for form post
echo Securimage::getCaptchaHtml($options);
?>
</p>
<input name="btnSubmit" type="submit" id="btnSubmit">
</form>
<?php
if(isset($_POST['btnSubmit'])){
if ($_POST['ct_name'] <> "") {
require_once 'genius_gadget/../securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($captcha) == false) {
echo 'Incorrect security code entered';
}
}
else{
echo "Success";
}
}
?>
Tidied up the code... Tested on PHP 5.3.29
<?php // login.php
session_start();
// 1) Move the check logic before the login page display
// 2) Moved the options to the start - easy to see the input_name
// 3) fixed 'undefined variable $captcha message as incorrect input name used.
// 4) Always need the 'securimage.pph' script so move it to top of the file
// 5) Change the include path as it ignores the first directory
// 6) Always need a 'Secureimage' object so create it at the start.
// 7) Added HTML closing tags
// 8) Ensure that the input name value comes from $_POST not the $_SESSION.
// 9) Changed the 'ct_name' if test to cause an error if not entered.
// 10) Ensure that if captcha is valid the the 'success' path is executed
include_once '/securimage/securimage.php';
$options = array();
$options['input_name'] = 'ct_captcha'; // change name of input element for form post
$securimage = new Securimage($options);
if(isset($_POST['btnSubmit'])){
if ($_POST['ct_name'] <> "") {
if ($securimage->check($_POST['ct_captcha']) == false) {
echo 'Incorrect security code entered';
}
else{
echo "Success";
exit;
}
}
else {
echo 'Name not entered';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<form action = "login.php" method = "post">
<p>
<label for="ct_name">Name*:</label>
<?php echo #$_SESSION['ctform']['name_error'] ?>
<input type="text" name="ct_name" size="35" value="<?php echo htmlspecialchars(#$_POST['ct_name']) ?>" />
</p>
<p>
<?php
// show captcha HTML using Securimage::getCaptchaHtml()
echo Securimage::getCaptchaHtml($options);
?>
</p>
<input name="btnSubmit" type="submit" id="btnSubmit">
</form>
</body>
</html>
I am searching for a answer how to create a $_SESSION login.
The result I get every time is Dexter. Even when I just press the login button. I am using sessions and no MySQL or other database. I am just in the beginning to learn PHP and have looked around here and used google but I can't relate was I am doing wrong.
The login page looks like this:
<?php
session_start();
$_SESSION['usernamne1'] = "Dexter";
$_SESSION['usernamne2'] = "River";
$_SESSION['usernamne3'] = "Miro";
$_SESSION['password1'] = "meow1";
$_SESSION['password2'] = "meow2";
$_SESSION['password3'] = "meow3";
?>
<?php //Header include fil
$page_title = 'Login'; //Dynamic titel
include('includes/header.html');
?>
<?php
echo "<h3>Login!</h3>";
echo "<br />";
?>
<form method="post" Action="sida7logged.php">
<fieldset><legend>Fyll i dina användaruppgifter</legend>
<p><label>Username: <br />
<input name="usernamne" type="text"></label></p>
<p><label>Password: <br />
<input name="password" type="password"></label></p>
<input type="Submit" value="Login">
</fieldset>
</form>
<?php //Footer include file
include('includes/footer.html');
?>
And when logged in:
<?php
$page_title = 'Logged in'; //Dynamisc title
include('includes/header.html');
?>
<?php
session_start();
if($_SESSION['usernamne1']==true || ($_POST['username']=="Dexter"
&& ($_SESSION['password1']==true || $_POST['password']="meow1"))) {
$_SESSION['usernamne1']=true;
echo "Hello Dexter";
}
elseif($_SESSION['usernamne2']==true || ($_POST['username']=="River"
&& ($_SESSION['password2']==true || $_POST['password']="meow2"))) {
$_SESSION['usernamne2']=true;
echo "Hello River";
}
elseif($_SESSION['usernamne3']==true || ($_POST['username']=="Miro"
&& ($_SESSION['password3']==true || $_POST['password']="meow3"))) {
$_SESSION['usernamne1']=true;
echo "Hello Miro";
}
else {
echo "Please login";
}
?>
<?php //Footer include file
include('includes/footer.html');
?>
You have a better example here: Easy login script without database
<?php
session_start();
$userinfo = array(
'user1'=>'password1',
'user2'=>'password2'
);
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($userinfo[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
//Invalid Login
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
</head>
<body>
<?php if($_SESSION['username']): ?>
<p>You are logged in as <?=$_SESSION['username']?></p>
<p>Logout</p>
<?php endif; ?>
<form name="login" action="" method="post">
Username: <input type="text" name="username" value="" /><br />
Password: <input type="password" name="password" value="" /><br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>