I found a tutorial for a mysqli and php login page to add to a website, i followed that tutorial step by step, spent at least 7 hours trying to figure out why it won't work, searching Google endlessly but nothing.
The code seems to be working but it seems two variables won't declare and it's skipping over them, I'll enter an email and password, hit log in, then ill get the notification 'Email or password are incorrect' the database is setup correctly and linked it just seems like it's one line of code and i can't figure it out.
Any input is welcome even if it's something basic, i am only learning this stuff hence the tutorial i was following, just want to know what is wrong and why.
Thanks.
Html Code
<!DOCTYPE html><?php session_start();?>
<html>
<head>
<title>Sign In</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/style.css"/>
</head>
<body>
<div id="container">
<header>
<img src="images/Header.jpg" alt="logo" />
</header>
<header>
<img src="images/login.jpg" alt="login" />
<img src="images/Facebook.jpg" alt="FB" />
<img src="images/Twitter.jpg" alt="Twitter" />
</header>
<div class="menu">
<div align="center">
<ul class="list">
<li class="item">Home
<li class="item">Gallery
<li class="item">Videos
<li class="item">Discography
<li class="item">Register
<li class="item">About
<ul class="list">
<li>Alex Turner</li>
<li class="list">
Matt Helders
<ul class="list">
Jamie Cook
<ul class="list">
Nick O'Malley
<ul class="list">
Andy Nicholson
<ul class="list">
</ul>
</li>
</div>
</div>
<div align="center"><BR><BR><BR><BR>
<body id="body-color">
<div id="Sign-In">
</head>
<form action="login.php" method="post">
<table width="500" align="center">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login"/>
</td>
</tr>
</table>
</form>
<br><br>
<br><br>
<H3>If you do not have an account please register HERE<br>otherwise access is restricted to member pages<h3>
</div>
</body>
</html>
Here's the php code
<!DOCTYPE html><?php session_start();?>
//Forgot this line when first posting //
<?php
// establishing the MySQLi connection
$con = mysqli_connect("localhost","root","","info");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established: " . mysqli_connect_error();
}
// checking the user
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['pass']);
$sel_user = ("select * from users where user_email='$email' AND user_pass='$pass'");
//This is where i think my problem is, $email and $pass are highlighted grey
instead of how normally declared variables would look. //
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0){
$_SESSION['user_email']=$email;
echo "<script>window.open('home.php','_self')</script>";
}
else {
echo "<script>alert('Email or password is not correct, try again!')</script>";
}
}
?>
Here is a link to screenshots they might give more clarity [http://imgur.com/bX6HSmD,qFvyTGK,xEEiBi6,yAEvqAR,OdgRYFZ,U48OWkh]
Your screenshot's password column is user_password but your column is user_pass in your query.
AND user_pass='$pass'
^^^^^^^^^
Having checked for errors would have signaled that, unknown column.
As I mentioned in comments to add or die(mysqli_error($con)) to mysqli_query().
Edit:
It has been mentioned but I am including this here, should some of those comments get deleted in regards to password storage and prepared statements.
Since you appear to be new at this, it's good to start learning about using proper hashing and safe queries.
Storing passwords in plain text isn't safe, not for online use anyway or should anyone hack into your own PC; it is highly discouraged.
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
use if(session_id() == "")
{session_start();} at the top of the page, anything before
You need to start a session in all your PHP Scripts which use sessions. Use: session_start();before calling $_SESSION and then set the $_SESSION with the desired value.
Related
I did complete a website for online Entrance form for students as my demo project to learn. When I run from my local server it works fine but when I uploaded on webserver and tasted index.php and other files run fine except when user enter his/her symbol no to check if he/she already been registered or not..I have coded a logic
if (exists)>Show admit card
if(don't exist)>show alert box
It works fine in local server but in webserver when I enter value in search box and enter then it shows empty page with no any error.
I have one row in my database. So in case you wanna check here is the symbol no in column =15369-2017-02 . On Entering submit it should show admit card and you can enter any random value other then this .which should show alert box.
Here is my website
https://cmprc.edu.np/condensed/entrance_form_demo/studntreport/main/
This is the code of file which is not responding and showing blank
<html>
<head>
<title>
CDP || Admission Form
</title>
<link href="css/bootstrap.css" rel="stylesheet">
<link href="../style.css" media="screen" rel="stylesheet" type="text/css" />
<body style="background-color: white;">
<?php
include('../connect.php');
$var_value = $_POST['search_value'];
echo $var_value;
$sql="SELECT * FROM entrance WHERE re_value='$var_value'";
$STH = $db->prepare($sql);
$STH->execute(array($var_value));
$User = $STH->fetch();
if (empty($User))
echo "<script>alert('Sorry, you Have not Registered yet');
window.location = 'index.php';</script>";
else
$result = $db->prepare("SELECT * FROM entrance
WHERE re_value = '$var_value' ORDER BY id ASC;");
$result->execute();
for($i=0; $row = $result->fetch(); ){
?>
<link href="../style.css" media="screen" rel="stylesheet" type="text/css" />
<center><h4><i class="icon-edit icon-large"></i> You've Already Registered</h4></center>
<hr>
<center>
<div class="panel panel-default">
<div class="container">
<div class="row">
<div class="col-md-4 seventy">
<img src="img/admit.png"/ >
</div>
<div class="col-md-8 thirty">
<img src="../image/profile/<?php echo $row['pic_value'];?>" class="roundimage2" alt=""/>
</div>
</div>
</div>
<hr>
<table style=" width: 500px;">
<tr>
<td >Roll no: </td>
<td> <?php echo $row['id']; ?></td>
</tr>
<tr>
<td >Name : </td>
<td > <?php echo $row['name_en_value']; ?></td>
<td > Subject: </td>
<td > <?php echo $row['ge_value']; ?> </td>
</tr>
</table>
<br><br>
<h5><i><strong>STUDENTS MUST BRING THIS ADMIT CARD ON THE DAY OF EXAMINATION</strong></i></h5>
<br>
</div>
</center>
<?php
}
?>
</body>
<?php include('footer.php');?>
</html>
Any help? I did almost finished it which I was working continously for 4-5 Days.
It seems that your php is not executed correctly. Maybe try to enable error reporting to get a hint of what's wrong.
Include the following at the beginning of your destination file (my.php)
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
Hey there stackoverflow users, i have come upon a very confusing problem that I cant seem to move past. I am creating a forum type web page and am currently working on the comments section. I have a form that uses the post method to send your comment as well as a hidden input to store the threads ID. I will post the entire php file below just to make sure nothing is left out.
<?php
session_start();
parse_str($_SERVER['QUERY_STRING'], $link);
$threadID = $link['ID'];
require("config.php");
$connection = mysqli_connect($host, $user, $password, $database);
$error = mysqli_connect_error();
if($error != null) {
$output = "<p>Unable to connect to database!</p>";
exit($output);
} else {
//Get Thread Data
$query = "SELECT username, title, content FROM threads, users WHERE threads.ID = $threadID AND users.ID = threads.makerID;";
$results = mysqli_query($connection, $query);
$row = mysqli_fetch_assoc($results);
//Get Comment Data
$query = "SELECT username, comment FROM comments, users WHERE threadID = $threadID AND users.ID = comments.makerID;";
$results = mysqli_query($connection, $query);
$row = mysqli_fetch_assoc($results);
}
?>
<!DOCTYPE html>
<html>
<head lang="en">
<title>BodyweightMate</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="../css/styling.css"/>
</head>
<body>
<!--Top masthead-->
<header class="masthead" id="top">
<h1 class="masthead-title"> Welcome To BodyweightMate </h1>
</header>
<!--Navigation bar-->
<nav class="navbar">
<table class="navbar-table">
<tr>
<!--Logo-->
<td>
<a class="navbar-brand" href="main.php">
<img src="../images/logo.jpg" alt="BodyweightMate" height="30" width="30">
</a>
</td>
<!--Login/Profile-->
<?php if(isset($_SESSION['login_user'])) {
echo"<td><a class=\"navbar-profile\" href=\"profile.php\"> Profile </a></td>";
echo"<td><a class=\"navbar-logout\" href=\"logout.php\"> Logout </a></td>";
} else {
echo"<td><a class=\"navbar-login\" href=\"login.php\"> Login </a></td>";
}?>
</tr>
</table>
</nav>
<!--Main portion-->
<section class="content-section">
<article>
<h3><?php echo $row['username']. ": " .$row['title']; ?></h3>
<p><?php echo $row['content']; ?></p>
<br>
<h3>Comments</h3>
<p>Some annoying user: Gr8 B8 M8</p>
<p>Annoying users friend: I R8 8/8</p>
</article>
<div>
<!--If logged in, ability to comment-->
<?php if(isset($_SESSION['login_user'])): ?>
<form role="comment-form" method="POST" action="processcomment.php" id="mainForm">
<input type="hidden" value="$threadID" name="threadID">
<div class="form-group">
<label for="comment">Comment </label> <br>
<textarea class="comment-text" name="comment" rows="2" maxlength="255"></textarea>
</div> <br>
<input type="Submit" class="btn-newcomment" value="Submit Comment" name="submit">
</form>
<?php endif ?>
</div>
</section>
<!--Right portion-->
<aside class="content-aside">
<div>
<!--If logged in, be able to create a thread-->
<?php
if(isset($_SESSION['login_user'])) {
echo"<form method=\"post\" action=\"makethread.php\">";
echo"<input type=\"submit\" class=\"btn-newthread\" value=\"Create New Thread\" name=\"submit\">";
echo"</form>";
}
?>
</div>
<!--Info-->
<div>
<p> GOING TO NEED A SEARCH FUNCTION HERE
This is the cool little aside section. It will always be there to provide you with some very nice little details, helpful links, maybe a list of moderators? who knows! The uses are endless when you have a beautiful little aside like this one! Here are a few very useful bodyweight fitness links to get us started :D </p>
</div>
<br>
<div>
<ul class="content-aside-links">
<li>
Reddit's Bodyweightfitness Forum
</li>
<li>
Reddit's Bodyweightfitness RR
</li>
<li>
Antranik's Bodyweightfitness Routine
</li>
</ul>
</div>
<div></div>
</aside>
<!--Footer -->
<footer class="footer">
<div>
<p> Use of this site constitutes acceptance of our User Agreement © 2017 BodyweightMate inc. All rights reserved. </p>
</div>
</footer>
</body>
</html>
The error is occurring under the main portion where i check if a user is logged in, and if they are add a short form consisting of a message, a text area, and a submit button. This form sends the information to the following php file.
<?php
session_start();
if(!isset($_SESSION['login_user'])) { header("location: main.php"); }
?>
<!DOCTYPE html>
<html>
<body>
<?php
require("config.php");
$connection = mysqli_connect($host, $user, $password, $database);
$error = mysqli_connect_error();
if($error != null) {
$output = "<p>Unable to connect to database!</p>";
exit($output);
} else {
//Validation
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$comment = $_POST['comment'];
$threadID = $_POST['threadID'];
$user = $_SESSION['login_user'];
} else {
//Redirect back to register
echo"<p>Form must use post or input was bypassed.</p>";
echo" Return to home page. ";
mysqli_close($connection);
exit();
}
There is no issue with connecting to the database, and I don't believe the remainder of the code is necessary to help me with this error since that one if statement of checking if the form is using post is failing and the else statement is always called. Why is this? i have rewritten the form multiple times ensuring that its properly structured and using post yet it fails every time!
Hi all I don't know if anyone will or can help me but for the last week or so I have been trying to make up a profile page setup on my website but I can not get the pages to register any echo's or jest even php (It gives me blank pages and or tell me an error 500 server error)
I have set up my website with a static page for my logo, navbar and footer and using a include line to get the content on the pages. (I hope that makes sense).
if I put any form of php into the content pages it give me errors of 500 server error and or the pages just turns completely white.
Is there a specific way to show SQL content and or any PHP with this set up? if anyone knows any tutorials or could lend a hand that would be amazing (Any help will be placed onto the website on the Credits page).
Here is the static page code:
<?php require '../connection/conn.php'; ?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="../css/Master.css" />
<link rel="stylesheet" type="text/css" href="../css/Menu.css" />
<link rel="stylesheet" type="text/css" href="../css/AboutImages.css" />
<link rel="stylesheet" type="text/css" href="../css/Form.css" />
</head>
<body>
<div class="container">
<div class="header">
<div id="logindata"></div>
</div>
<div class="menu">
<nav>
<ul class="cssmenu">
<li>Home</li>
<li>About Us</li>
<li>Videos</li>
<li>Contact Us</li>
<li>Forum</li>
<li></li>
<li>My Account</li>
<li>Logout</li>
</ul>
</nav>
</div>
<div class="content">
<?php echo $content;?>
</div>
<div class="footer">
<p>All Rights Reserved, LPGamers.com, Created And Built by Robert Prince & Amber Milton-White</p> Credits Page
</div>
</div>
</body>
</html>
And the content page:
<?php
$title = 'LPGamers -- Personal Account';
$content = '
<div id="formbox">
<form action="" method="GET">
<p>Search for you friends here !</p>
<input type="text" class="tfield">
<input type="submit" class="button">
</form>
</div>
<div class="ppicture">
<img src="" />
</div>
<div class="pd">
</br>
<p class="pdp">
Account id: # $userid
</p>
</br>
<p class="pdp">
Name:
</p>
</br>
<p class="pdp">
Age:
</p>
</br>
<p class="pdp">
Your Email:
</p>
</br>
<p class="pdp">
Your Bio:
</p>
</div>
';
include ("Site_View.php");
?>
If this help any more Thanks in advance
Edited the answer, it looks like some content of the original post was not displayed initially.
Do not put the form in the PHP code, it is not needed. You want to put the result probably there.
If you want to get data from SQL in PHP do the following:
Prerequisite: setup the php.ini to use whatever database you need, like:
extension=php_sqlsrv_56_nts.dll
Define a database connection
$serverName = "myserver";
$usr="mySQLuser";
$pwd="mySQLpass";
$db="mydatabase";
$connectionInfo = array("UID" => $usr, "PWD" => $pwd, "Database" => $db);
$conn = sqlsrv_connect($serverName, $connectionInfo);
if( !$conn ) {
die( print_r( sqlsrv_errors(), true));
}
Use the SQL connection to retrieve data.
$sql = "Select name from Users where users.name = " . $myparam;
note: the example above is vulnerable to SQL injection, but it is an easy start for coding, you can fix this later when you are familiar with it. Also you need to give a value to $myparam first.
Then:
$stmt = sqlsrv_query($conn, $sql);
sqlsrv_next_result($stmt);
sqlsrv_fetch($stmt);
if( $stmt === false) {
die( print_r( sqlsrv_errors(), true) );
}
Now you can use the data when you want, like this:
<?php
while( $row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC) ) {
$returnedName = $row['name'];
echo $returnedName;
}
?>
I am trying to create a log in form which allows user to log in, based on their registration details (which is saved in a flat file) and this what I have come up with so far.
At the moment the this code allow any user to log in even when there are not on the registration.
<html>
<body>
<table align="center">
<tr>
<th><h3>MY ACCOUNT</h3></th>
</tr>
<form action = "index.php" method = "POST">
<tr>
<td>Username:</br><input type="text" name="username"></br></td>
</tr>
<tr>
<td>Password:</br><input type="password" name="password"></br></td>
</tr>
<tr>
<td align = "center"><input type="submit" name = "submit"></td>
</tr>
</form>
</table>
<?php
if (isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$file = file_get_contents("data.txt");
if(empty($_POST['username']) || empty($_POST['password'])){
die (print '<script> alert ("You must enter both your username and password to continue."); window.location="index.php"; </script>');
}
if(!strstr($file, "$username#$password")) {
die(print '<script> alert ("Wrong"); window.location="index.php"; </script>');
}
else {
header("Location: wacc.php");
}
}
?>
Please what is wrong with code
In your other post here you were given a suggestion to use a script called PHP Login. This would help solve a lot of your problems if you follow this suggestion.
I suggest you change the strstr to the strpos function, it's the desired function for checking if a string occurs, and works ok.
So:
if(!strstr($file, "$username#$password")) {
To:
if(strpos($file, "$username#$password") === false) {
Note the === , it needs to be false, not 0 or ''. See for more info http://www.php.net/function.strpos
Edit
The logging in always is most of the time true, because whats happening is that your searching for if the specified string is occurring in your text document. Now, incase that if you leave both fields $username and $password empty, it will be true ( is there a # in the text document? Yes. ) This also applies when you write a valid part username or password.
I would suggest you rethink this login system, and use a PHP array or database to match a valid username and password. If you just want a simple bump for visitors, try adding an delimiter.
In your username and password list for example:
#username#password#
And as strpos function
if(strpos($file, "#$username#$password#") === false) {
With adding the # before and after, your script always nows where the username must start and must end, and the same for the password. If the username was too short, too long, or empty the # gets added anyway and will the strpos will then be wrong (is there an ### in the list? No.).
you could use facebook login instead.
I dont think a flat file login could ever be totally secure. /shrug.
Facebook is really easy though and is a multi-billion dollar corporation that pays programmers to make it as secure as possible. No need to worry about security at all.
<?php
require 'fbconfig.php'; // Include fbconfig.php file
?>
<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Login with Facebook</title>
<link href="http://www.bootstrapcdn.com/twitter-bootstrap/2.2.2/css/bootstrap-combined.min.css" rel="stylesheet">
</head>
<body>
<?php if ($user): ?> <!-- After user login -->
<div class="container">
<div class="hero-unit">
<h1>Hello <?php echo $fbuname; ?></h1>
<p>Welcome to "facebook login" tutorial</p>
</div>
<div class="span4">
<ul class="nav nav-list">
<li class="nav-header">Image</li>
<li><img src="https://graph.facebook.com/<?php echo $user; ?>/picture"></li>
<li class="nav-header">Facebook ID</li>
<li><?php echo $fbid; ?></li>
<li class="nav-header">Facebook Username</li>
<li><?php echo $fbuname; ?></li>
<li class="nav-header">Facebook fullname</li>
<li><?php echo $fbfullname; ?></li>
<div>Logout</div>
</ul></div></div>
<?php else: ?> <!-- Before login -->
<div class="container">
<h1>Login with Facebook</h1>
Not Connected
<div>
Login with Facebook</div>
</div>
<?php endif ?>
</body>
</html>
I am new to php and been taking a php programing class this summer semester and i was wondering if someone can help me figure what i need to do in order for things to work.
I am working on a final project and we had to build our on little database on the subject that we wanted. So I choose to do a movie database. And I had used some code already from my_guitar_shop from murach's php book. which is the Murach's php and mysql book. And for some reason when I go to index.php page, I can not get my information to show up in my table on my page.
I will show you the code for my index page
<?php
require_once('database.php');
if (isset($_POST['deleteThis'])) {
$deleteThis = $_POST['deleteThis'];
$sqlDel="DELETE FROM categories WHERE categoryID = $deleteThis";
$temp=$db->exec($sqlDel);
}
// Get all categories
$query = 'SELECT * FROM categories
ORDER BY categoryID';
$categories = $db->query($query);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<!-- the head section -->
<head>
<title>My Movie Store</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<!-- the body section -->
<body>
<center>
<div id="heading">My Movie Store</div>
</center>
<div id="page">
<div id="header">
<h1>Top Movies</h1>
</div>
<div id="main">
<h1>Movie List</h1>
<table class="content">
<tr>
<th>Title</th>
<th>Date</th>
<th> </th>
</tr>
<?php foreach($categories as $cat) {
?>
<tr>
<td><?php echo $cat['categoryName'];?>
</td>
<form method="post" action="category_list.php">
<input type="hidden" name="deleteThis"
value="<?php echo $cat['categoryID']; ?> " />
<td></td>
<td><input type="submit" value="Delete" />
</td>
</form>
<?php
}
?>
</table>
<br />
<h2>Add a Movie</h2>
<!-- add code for the form here -->
<p>
Add Movie
</p>
<br />
<p>
Movie List
</p>
</div>
<!-- end main -->
<div id="footer">
<p>
©
<?php echo date("2012"); ?>
My Movie Store, created by Kara Holey
</p>
</div>
</div>
<!-- end page -->
</body>
</html>
My database name is called moviedatabase that i had created in localhost/phpmyadmin and my 2 tables underneath the database are called categories and movies. and for some reason thsi is the error that i get on this page.
Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\1306\finalp\index.php on line 82
If anyone can help me that would be great.
If you're using PDO, this probably means your query failed and the output of $db->query() is false.
To avoid this problem, I would suggest enabling exception handling:
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can add this to database.php. Doing this will produce a very obvious and hard-to-miss exception if a query fails with details as to why it failed.
$categories = $db->query($query) // this is your problem
I think your foreach() is not receiving a valid array. Try troubleshooting with a static array you create!!
example make
$categories = array("A","B");
foreach($categories as $value){
echo $value."<br/>";
}
Your variable $categories in foreach loop isn't a valid collection that's why php gives you this error. You need to see what $categories really is.
I doubt it might be a resource returned from your query or could be a null.