I have this code in index.php
<?php
include "ch.php";
?>
ch.php
<?php
if (isset($_POST['Murad'])) {
header("Location: Main.php");
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "
INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')
";
mysql_select_db('websiteusers');
$retval = mysql_query( $sql );
if (! $retval ) {
die('Could not enter data: ' . mysql_error());
return false;
} else {
echo "Entered data successfully\n";
}
$usernamecheck=mysql_query("
SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'
");
if (mysql_num_rows($usernamecheck)>=1) {
echo $userName." is already taken";
return false;
}
}
?>
And
Main.PHP
<?php
include 'ch.php';
?>
And
<?php
echo $firstname=$_POST['firstname'];
?>
But it is not working. It worked before I put action in form instead of header but it didn't insert user in database now it inserts but it is not showing variables. Is there anyway to fix this?
1) Do not use mysql_ functions, it's deprecated and will be removed at PHP 7 stable release, choose between mysqli_ or PDO.
2) Don't open and close your php interpreter multiple times with no apparent reason. If your code is pure PHP, a standard is to never close it.
3) There should be nothing else for PHP or HTML to be processed/displayed after using header("Location: ...") function. It's the last thing you do at the script when you use it.
Related
This is my login code, cant figure out whats wrong ( the last if, always goes to the last else ). i tried everything but still no luck.
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if($_POST['submit']){
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password FROM user WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($connection, $sql);
if($query){
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[3];
}
if ($username = $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
header('Location: users.php');
}else {
header('Location: error.php');
}
}
?>
and thas my connection code
<?php
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
?>
You are going to kick yourself... you have only a single = in your if.
if ($username = $dbUsername && $password == $dbPassword) {
Should be
if ($username == $dbUsername && $password == $dbPassword) {
The single = turns it into an assignment instead of a comparison.
Beyond that you are actually doing the comparison twice; once in SQL to get back the username and password, the second time in PHP. If your query returns the user id, you already know that the username/password did the trick.
You are also mixing mysql_connect and mysqli_query (and mysql_fetch_row). As the others have suggested, you need to move to the mysqli class or to PDO. But to get you going, you need to at very least change mysqli_query to mysql_query and mysqli_fetch_row to mysql_fetch_row.
Use mysql_query($connection, $sql) instead of mysqli_query($connection, $sql);
as you are using mysql_connect
Here is PHP code
<?php
if(isset($_POST['Murad'])){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {echo "Entered data successfully\n";
}
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
return false;
}header("Location: Main.php");}
?>
User registers then when he is in his profile page as soon as he refreshes it inserts same username again.And also username and email are unique in my dt it cant insert it and gives an error
What you can do is after the form has submitted successfully,
you can reset the form
or
redirect the user to the same page
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {
echo "Entered data successfully\n";
header("Location:samepagename.php");
}
TO reset the form
this.form.reset();
call this after form has successfully submitted
Try this:
<?php
if(isset($_POST['Murad'])) {
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$link = new PDO('mysql:dbhost='.$mysql_hostname.';dbname='.$mysql_database,$mysql_user, $mysql_password);
$unamecheck = ("SELECT userName FROM websiteusers WHERE userName = :uname");
$unamecheck = $link->prepare($unamecheck);
$unamecheck->execute(array(':uname'=>$userName));
if($unamecheck->rowCount() > 0) {
echo "Username taken";
die();
} else {
$add = ("INSERT INTO websiteusers (fullname, lastname, userName, email, pass) VALUES (:fname, :lname, :uname, :pass)");
$add = $link->prepare($add);
$add->execute(array(':fname'=>$firstname, ':lname'=>$lastname, ':uname'=>$userName, ':pass'=>$password));
if($add->rowCount() > 0) {
echo "Registration successful";
header("Location: Main.php");
} else {
echo "Registration failed";
}
}
}
?>
What you are doing right now is you insert a user in the DB and after that you perform a check if the user exists. You'll have to move some code around.
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
} else {
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
}
else {
echo "Entered data successfully\n";
}
}
}
This way you first check if the user already exists. If does - you kill the script and the code after is not executed. Otherwise you insert a user in the DB
I try to insert some information about user but it gives error no database selected (im using phpmyadmin and xampp btw)
code:
<?php
$username = $_POST['username'];
$name = $_POST['name'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword)
{
mysql_escape_string($username);
mysql_escape_string($name);
mysql_escape_string($password);
mysql_escape_string($cpassword);
$md5pass = md5($password);
mysql_select_db("users");
mysql_query("INSERT INTO users (id, username, name, password) VALUES (DEFAULT, '$username', '$name', '$md5pass'") or die(mysql_error());
}
else
{
die("Passwords don't match");
}
?>
You haven't established connection with your mysql database.
Use following code to make connection with server.
$link = mysql_connect('your servers address', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
else
{
//rest of your code
}
am trying to update the databse with the pubupdate.php file with the mentioned file but it is giving error Notice: Undefined index: user in C:\xampp\htdocs\Publication\form.php on line 3
Notice: Undefined index: pass in C:\xampp\htdocs\Publication\form.php on line 4. I don't know how this page is directed to form.php. However form.php has been used to create the account of the user so that user can login into the website. The login is done by the page login.php which is using the data which has been inserted in create.php. I don't know how to solve this problem and howcome pubupdate.php is directing to form.php and how to solve this problem.
I am posting the codes which I have used.
pubupdate.php
<?php
$typereg = $_POST['papertype'];
$ptitlereg = $_POST['ptitle'];
$fauthorreg = $_POST['firstauthor'];
$coauthorreg = $_POST['coauthor'];
$abstractreg = $_POST['abstract'];
$nameconreg = $_POST['namecon'];
$areareg = $_POST['area'];
$datereg = $_POST['date'];
$startpagereg = $_POST['startpage'];
$endpagereg = $_POST['endpage'];
$countryreg = $_POST['country'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
$con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
#mysql_select_db($database, $con) or die("Unable to connect");
mysql_query("INSERT INTO `paper` VALUES('$typereg', '$ptitlereg','$fauthorreg','$coauthorreg','$abstractreg' ,'$nameconreg', '$areareg','$datereg', '$startpagereg', '$endpagereg', '$countryreg' )") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header('Location: home.php');
?>
form.php
<?php
$userreg = $_POST['user'];
$passreg = $_POST['pass'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
if($userreg && $passreg){
$con = mysql_connect('localhost', $username, $password) or die("Unalbe to connect database");
#mysql_select_db($database, $con) or die("Unalbe to connect");
mysql_query("INSERT INTO `users` VALUES('', '$userreg', '$passreg')") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header("Location : index.html");
} else {
echo "You need to have both a username and password";
}
?>
create.php
<?php
$userreg = $_POST['user'];
$passreg = $_POST['pass'];
$fnamereg = $_POST['fname'];
$lnamereg = $_POST['lname'];
$desigreg = $_POST['designation'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
if($userreg && $passreg){
$con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
#mysql_select_db($database, $con) or die("Unable to connect");
mysql_query("INSERT INTO `users` VALUES('', '$userreg','$passreg','$fnamereg','$lnamereg' ,'$desigreg')") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header('Location: index.html');
} else {
echo "You need to have both a username and password";
}
?>
In your form where you use to get the inputs i.e., Username and Password.
You should give it a name
Something like
<input type='text' name='user'>
<input type='password' name='pass'>
It is clear that you didn't give the name field in your code.
Note :
In addition you can have your class or id according to your need.
Additional Note :
For Debugging, I would recommend you to deal such errors easily by checking whether the value exists..
You can do it easily by the below code
if (isset($_POST['user']))
{
echo 'Username value is - '.$_POST['user'];
}
I'm new to PHP and SQL but I'm trying to create a simple PHP-script that allows a user to login to a website. It doesn't work for some reason and I can't see why. Every time I try to login with the correct username & password, I get the error "Wrong Username or Password". The database-name and table-name are correct.
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect("$db_host", "$db_user", "$db_pass") or die("Unable to connect to MySQL.");
mysql_select_db($db_name)or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = ("SELECT * FROM $tbl_name WHERE username='$user' and password='$pass'");
$result= mysql_query($sql);
$count 0= mysql_num_rows($result);
if($count==1){
// Register $user, $pass send the user to "score.php"
session_register("user");
session_register("pass");
header("location:score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if(!session_is_registered(user)){
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
I hope someone can find my mistake, thanks!
FYI session_register and session_is_registered are deprecated and will be removed from PHP. Also try to change your code to use mysqli or PDO. Plenty of articles explain how to do it. Finally, make sure you escape input from the user ($_POST array) because you never know what the user will send and you don't want to be prone to SQL injections. You really do not want to store passwords in clear text, so using SHA1 or MD5 is best.
Having written the above, your code becomes (you can use the $_SESSION global array directly):
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect to MySQL.");
mysql_select_db($db_name) or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = "SELECT * FROM $tbl_name "
. "WHERE username = '$user' "
. "AND password = sha1('$pass')";
$result = mysql_query($sql);
// There was an extra 0 here before the equals
$count = mysql_num_rows($result);
if ($count==1)
{
// Register $user, $pass send the user to "score.php"
$_SESSION['user'] = $user;
// You really don't need to store the password unless you use
// it somewhere else
$_SESSION['pass'] = $pass;
header("location: ./score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if (!isset($_SESSION['user']))
{
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
A couple of things
Change this line to the one with error checking i have put below it
$result= mysql_query($sql);
$result= mysql_query($sql) or die(mysql_error());
chances are there is an sql error and you are not picking it up, so the result will always have 0 rows
Also not sure if this line is a typo or not, there shouldn't be a 0 in there
$count 0= mysql_num_rows($result);