Only the last line of if/else statement is working.
How do i solve this? the result is
Please enter a user name and password
the following is the php code :
<?php
session_start();
$username =#$_POST['username'];
$password =#$_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!==0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword)
{
echo "Your are logged in!";
$_SESSION['username']=$username;
}
else
echo "Your password is incorrect!";
}
else
die("That user doesn't exists!");
}
else
die("Please enter a user name and password");
?>
This is what I've got as my HTML form:
<html>
<form action="loginpage.php" method="post">
Username: <input type="text" name"username">
<p>
Password: <input type="password" name"password">
<p>
<input type="submit">
</form>
</html>
<?php
session_start();
$username = #$_POST['username'];
$password = #$_POST['password'];
if (!empty($_POST['submit'])) {
$connect = mysql_connect("localhost", "root", "")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username == $dbusername && $password == $dbpassword) {
echo "Your are logged in!";
$_SESSION['username'] = $username;
} else
echo "Your password is incorrect!";
} else
die("That user doesn't exists!");
}
else {
ECHO "Please enter a username and Password";
}
?>
<form method="post">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" name="submit" value="submit">
</form>
Try this But my suggestion would also be that you take if(!empty($_POST['submit'])) because when the document loads input fields will definitely be empty so it will go to the else part. where you have added the die code...avoid using die code in else use echo prompt there.
Related
this is my log in page. I can log in when I put the relevant username and password and can't log in if they do not match. but the thing is I still have the privilege of logging in when I do not enter any username, password and click on the log in button.
this is the index page
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login.css">
</head>
<body>
<div class="login-page">
<form method="post" class="form" action="login.php">
<input type="text" id="user" name="user" placeholder="username"/>
<input type="password" id="pass" name="pass" placeholder="password"/>
<button type="submit" name="submit" id="btn">login</button>
</form>
</div>
</body>
</html>
this is login.php
<?php
//get values passe from form in login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//to prevent sql injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//connect to the server and select database
mysql_connect("localhost","root","");
mysql_select_db('laboursalary');
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'")
or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
header("Location: ../projectdetails/index.php");
} elseif ($row['username']=="" && $row['password']==""){
echo "Failed to login";
} else {
echo "Failed to login";
}
?>
<?php
if(isset($_POST['submit']))
{
//get values passe from form in login.php file
$username = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);
//connect to the server and select database
mysql_connect("localhost","root","");
mysql_select_db('laboursalary');
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'");
$row = mysql_num_rows($result);
if($row == 1)
{
header("Location: ../projectdetails/index.php");
} else {
echo "Failed to login";
}
}
?>
Which means you are having a row with username and password empty. Delete those rows in the table and update the below code as well.
if ($username != "" && $password !=""){
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'")
or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
header("Location: ../projectdetails/index.php");
} else {
echo "Failed to login";
}
} else
echo "Failed to login";
}
Note: Also change your mysql connection to mysqli or PDO. Because it is deprecated in the latest PHP versions.
I'm trying to connect to my database, but I don't know how to write my code for username, password, and also department since I have 4 option value for department itself. The 3 department which is area manager, operation manager, and management will be directed to same page, but admin is redirected to admin.html. How to write proper code ?
This is my login.php:
<?php
include("connect.php");
error_reporting(0);
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$query = mysql_query("SELECT *FROM login_user WHERE loginid ='$_SESSION[username]'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
$dbdepartment = $row['department'];
}
if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "am") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "om") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "m") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "a") { // echo "you're in! <a href='admin.html'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='admin.html'
</SCRIPT>");
}
else
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Something went Wrong')
window.location.href='loginmain.php'
</SCRIPT>");
}
}
?>
This is my HTML code:
<?php
include 'login.php';
session_start();
$query = mysql_query("SELECT *FROM login_user WHERE loginid='$_SESSION[username]'");
while($row = mysql_fetch_assoc($query))
{
$dbusername =$row['username'];
$dbpassword =$row['password'];
$dbdepartment =$row['department'];
}
?>
.............
<form action="login.php" method="post">
<div class="form_settings">
<p><span>Username :</span><input type="username" name="username" placeholder ="username" value = "<?php echo $username;?>" /></p>
<p><span>Password :</span><input type="password" name="password" placeholder="password" required value = "<?php echo $password;?> " /> </p>
<p><span>Department :</span><select name = "department" value ="<?php echo $department;?>/><option value ="am">Area Manager </option><option value ="om"> Operation Manager</option><option value ="m"> Management</option><option value = "a"> Admin </option></select></p><br>
<p><span>Remember Me<input type="checkbox" name="remember" value="1"></span></p>
<p style="padding-top: 15px"><span> </span><input class="submit" type="submit" name="name" value="LogIn" /></p>
</div>
</form>
This is my connect.php:
<?php
$mysql_hostname = "localhost";
$mysql_username = "root";
$mysql_password = "";
$mysql_database = "marrybrown_clean";
$bd = mysql_connect($mysql_hostname, $mysql_username, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>
This is my form.php:
<?php
require_once ("login.php");
include("connect.php");
?>
I am trying to create secure login page, but most of the code online emphasizes on username and password; how to add in for department?
I have a partial solution for your doubt.
Your code can be made secured with the htmlspecialchar(), using mysqli rather than mysql and password hashing.
I am working on login system. But, i cannot log in. I have set my database table.
login.php
<?php
session_start();
if(isset($_POST['login'])) {
include_once("db.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
and this is db.php
<? php
$db=mysqli_connect('192.168.1.113:8080','root','hidden','av');
?>
connent of users table
id
username
password
Edit Edit
Copy Copy
Delete Delete
1
a
0cc175b9c0f1b6a831c399e269772661
Your form code look right. Just change like below your login.php code:-
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('host-name','user-name','password','database-name');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
Note:- i have added connection code here only,so change the credentials there. And use this same code to check working or not?
Also if you are working on your local then change ip address to localhost and check. If it will work then it will work with include("db.php") too.I mean to say try with $conn = mysqli_connect('localhost','root','aleksandar','av');
Here is the working login.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','root','aleksandar','av');
$db = new mysqli('localhost','root','aleksandar','av');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Oh Okay.
Lets try debugging one step at a time then.
In your db.php file, use this:
// Connecting to mysql database
$db = new mysqli('192.168.1.113:8080','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
If you get any error, please dump it here for debugging.
Updated.
// Connecting to mysql database
$db = new mysqli('localhost','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
I currently have a login system on my index page; which is working fine. However, when a user logs in, it directs them to a completely new page which i don't want. How to I implement the code so that;
A) the user stays on the index page after login
B) A welcome message "Welcome...." displays on the index page.
index.html
<div id="leftmenu_top"></div>
<div id="leftmenu_main">
<div class="login">
<h3>Please login below</h3>
<br/>
<!--Log in form-->
<html>
<form action='login.php' method='POST'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br>
<input type='submit' value='Log in'>
</form>
</html>
login.php
<?php
session_start();
$username = strtolower($_POST['username']);
$password = strtolower($_POST['password']);
if ($username&&$password)
{
$connect = mysql_connect("localhost", "root", "") or die("Couldn't connect");
mysql_select_db("a&e") or die("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows==!0)
{
//code to login
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match
if($username==$dbusername&&$password==$password)
{
echo "Welcome $username";
$_SESSION['username']=$username;
}
else
echo "incorrect password";
}
else
die("That user does not exist");
}
else
die("please provide a username and password");
?>
put
header('Location: index.php');
at the bottom of the login.php
Also, if you add ?success at the end of this link and then call it in your index page it will display the message you want. Change the above code to
header('Location: index.php?status=success');
and then in you index page put this where you want the message to appear
<?php If($_GET['status'] = "success") { ?>
<p>This is a welcome message</p>
<?php } ?>
<?php if(isset($_POST['submit'])){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = "SELECT Username, Password FROM tbluser
WHERE Username = '$username' AND Password = '$password'";
$result = mysql_query($query) or die (mysql_error());
if(mysql_num_rows($result) == 0){
echo ' Password/Username is not found';
}else {
while($row = mysql_fetch_array($result)) {
echo 'You are logged in </br>';
}
}
}