am trying to update the databse with the pubupdate.php file with the mentioned file but it is giving error Notice: Undefined index: user in C:\xampp\htdocs\Publication\form.php on line 3
Notice: Undefined index: pass in C:\xampp\htdocs\Publication\form.php on line 4. I don't know how this page is directed to form.php. However form.php has been used to create the account of the user so that user can login into the website. The login is done by the page login.php which is using the data which has been inserted in create.php. I don't know how to solve this problem and howcome pubupdate.php is directing to form.php and how to solve this problem.
I am posting the codes which I have used.
pubupdate.php
<?php
$typereg = $_POST['papertype'];
$ptitlereg = $_POST['ptitle'];
$fauthorreg = $_POST['firstauthor'];
$coauthorreg = $_POST['coauthor'];
$abstractreg = $_POST['abstract'];
$nameconreg = $_POST['namecon'];
$areareg = $_POST['area'];
$datereg = $_POST['date'];
$startpagereg = $_POST['startpage'];
$endpagereg = $_POST['endpage'];
$countryreg = $_POST['country'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
$con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
#mysql_select_db($database, $con) or die("Unable to connect");
mysql_query("INSERT INTO `paper` VALUES('$typereg', '$ptitlereg','$fauthorreg','$coauthorreg','$abstractreg' ,'$nameconreg', '$areareg','$datereg', '$startpagereg', '$endpagereg', '$countryreg' )") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header('Location: home.php');
?>
form.php
<?php
$userreg = $_POST['user'];
$passreg = $_POST['pass'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
if($userreg && $passreg){
$con = mysql_connect('localhost', $username, $password) or die("Unalbe to connect database");
#mysql_select_db($database, $con) or die("Unalbe to connect");
mysql_query("INSERT INTO `users` VALUES('', '$userreg', '$passreg')") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header("Location : index.html");
} else {
echo "You need to have both a username and password";
}
?>
create.php
<?php
$userreg = $_POST['user'];
$passreg = $_POST['pass'];
$fnamereg = $_POST['fname'];
$lnamereg = $_POST['lname'];
$desigreg = $_POST['designation'];
$taken = "false";
$database = "publication";
$password = "";
$username = "root";
if($userreg && $passreg){
$con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
#mysql_select_db($database, $con) or die("Unable to connect");
mysql_query("INSERT INTO `users` VALUES('', '$userreg','$passreg','$fnamereg','$lnamereg' ,'$desigreg')") or die("Strange Error");
echo "Account Created";
mysql_close($con);
header('Location: index.html');
} else {
echo "You need to have both a username and password";
}
?>
In your form where you use to get the inputs i.e., Username and Password.
You should give it a name
Something like
<input type='text' name='user'>
<input type='password' name='pass'>
It is clear that you didn't give the name field in your code.
Note :
In addition you can have your class or id according to your need.
Additional Note :
For Debugging, I would recommend you to deal such errors easily by checking whether the value exists..
You can do it easily by the below code
if (isset($_POST['user']))
{
echo 'Username value is - '.$_POST['user'];
}
Related
I am building as a site as an admin and learn more about php. I am not sure what is wrong with my script, but I have to login twice to the page in order for it to work. Can anybody help me on what I am doing wrong here or am I missing something?
Thank you.
Submit page - including the post.
<?php
if(isset($_POST['submit']))
{
include('common.php');
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($sqlquery = $conn->prepare("SELECT userID FROM user WHERE username = ? AND password = ?"))
{
$sqlquery->bind_param("ss", $username, $password);
$sqlquery->execute();
$sqlquery->store_result();
$count = $sqlquery->num_rows;
if($count > 0)
{
$sqlquery->bind_result($userid);
$sqlquery->fetch();
$_SESSION['currentUserID'] = $userid;
echo "<META http-equiv='refresh' content='0;URL=http://www.whatever.com/newPage.php'>";
}
else
{
echo "Wrong Username or Password";
}
}
}
The common.php has the info of the database and everything.... Here is it copied.
<?php
$db_server = "localhost";
$db_name = "something";
$db_username = "something";
$db_password = "something";
$conn = mysqli_connect($db_server, $db_username, $db_password, $db_name );
if (session_status() == PHP_SESSION_NONE) {
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/session'));
session_start();
//echo "new session started user id: ".$_SESSION['currentUserID'];
}
if (!$conn)
{
print "Could not connect." ;
exit;
}
?>
Still loggin in even if the username and password is incorrect and also logins even if the value is null
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if ($_POST) {
$uname = $_POST ["username"];
$pass = $_POST ["password"];
$sql = "SELECT * FROM users WHERE username = '$uname' AND password = '$pass' LIMIT 1 ";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1){
include("graph.php");
} else {
echo "Incorrect";
}
}
?>
First of all and very important it that you are open to SQL Injection attack, so you should use prepared statements, here is how should use your code, but instead of echo "Incorrect"; you should render different answer for each case:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if (isset($_POST["username"]) && isset($_POST["password"])) { // Check if you have posted data via POST
$uname = $_POST["username"];
$pass = $_POST["password"];
$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1 ";
if($stmt = $conn->prepare($sql)) { // Check for MySQL errors
$stmt->bind_param('ss', $uname, $pass);
if ($stmt->execute()) {
$stmt->close();
include("graph.php");
} else { // There is a problem with your SELECT // bind params
echo "Incorrect";
}
} else { // You should handle mysql errors here
echo "Incorrect";
}
} else { // You don't have POST data
echo "Incorrect";
}
?>
Prepared statements
Like #Kuya notice you have and many other problems, there is a lot of tutorials in Google about implementation of login system.
You must check the post request with isset() in php like this :
<?php
if (isset($_POST["username"] && isset($_POST["password"]))) {
//..... Your code here
}else {
echo "Incorrect password or username";
}
?>
I created a login page in PHP with session. everything is going well. but when i try to output the session in other page. it giving me NOTICE
Notice: Undefined variable: email in C:\xampp\htdocs\COIN Website\test5.php on line 81
Notice: Undefined variable: email in C:\xampp\htdocs\COIN Website\test5.php on line 82
Notice: Undefined variable: email in C:\xampp\htdocs\COIN Website\test5.php on line 84
I don't know whats wrong. Actually, I am new to PHP.
here is the login page
<?php
session_start();
if (isset($_POST['submit'])) {
$servername = "localhost";
$username = "root";
$password = "";
$db_name = "coins";
$con = mysqli_connect("$servername", "$username", "$password","$db_name");
$email = mysqli_real_escape_string($con, $_POST['email']);
$eth = mysqli_real_escape_string($con, $_POST['eth']);
if (empty($email) || empty($eth)) {
header("Location: home.php?Login=Empty_fields");
exit();
} else{
$sql = "SELECT * FROM users WHERE email='$email' ";
$result = mysqli_query($con, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: home.php?Login=user_does_not_exist");
exit();
}
else {
$check = mysqli_query($con, "SELECT email FROM users WHERE eth='$eth'");
if (mysqli_num_rows($check) >= 1) {
$_SESSION['email'] = $row['email'];
$_SESSION['eth'] = $row['eth'];
header("Location: pow.php?Login=Success");
} else {
header("Location: home.php?Login=invaild_email_or_eth address");
}
}
}
}else {
header("Location: home.php?Login=Error");
exit();
}
?>
and the other page code
if (isset($_POST['submit'])) {
$servername = "localhost";
$user = "root";
$password = "";
$dbname = "coins";
// Create connection
$conn = new mysqli($servername, $user, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$_SESSION['email'] = $email;
echo $email;
$sql = "INSERT INTO profile (email, action_points)
VALUES ('$email' , '0.003')";
if ($conn->query($sql) === TRUE) {
echo "success";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
You can try like this. you are doing wrong with get session variable value.
<?php session_start();
// check session
if(isset($_SESSION['email']))
{
$email = $_SESSION['email'];
// Now you can do your stuff
}
else
{
echo "session not set for email";
die;
}
I have this code in index.php
<?php
include "ch.php";
?>
ch.php
<?php
if (isset($_POST['Murad'])) {
header("Location: Main.php");
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "
INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')
";
mysql_select_db('websiteusers');
$retval = mysql_query( $sql );
if (! $retval ) {
die('Could not enter data: ' . mysql_error());
return false;
} else {
echo "Entered data successfully\n";
}
$usernamecheck=mysql_query("
SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'
");
if (mysql_num_rows($usernamecheck)>=1) {
echo $userName." is already taken";
return false;
}
}
?>
And
Main.PHP
<?php
include 'ch.php';
?>
And
<?php
echo $firstname=$_POST['firstname'];
?>
But it is not working. It worked before I put action in form instead of header but it didn't insert user in database now it inserts but it is not showing variables. Is there anyway to fix this?
1) Do not use mysql_ functions, it's deprecated and will be removed at PHP 7 stable release, choose between mysqli_ or PDO.
2) Don't open and close your php interpreter multiple times with no apparent reason. If your code is pure PHP, a standard is to never close it.
3) There should be nothing else for PHP or HTML to be processed/displayed after using header("Location: ...") function. It's the last thing you do at the script when you use it.
I'm new to PHP and SQL but I'm trying to create a simple PHP-script that allows a user to login to a website. It doesn't work for some reason and I can't see why. Every time I try to login with the correct username & password, I get the error "Wrong Username or Password". The database-name and table-name are correct.
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect("$db_host", "$db_user", "$db_pass") or die("Unable to connect to MySQL.");
mysql_select_db($db_name)or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = ("SELECT * FROM $tbl_name WHERE username='$user' and password='$pass'");
$result= mysql_query($sql);
$count 0= mysql_num_rows($result);
if($count==1){
// Register $user, $pass send the user to "score.php"
session_register("user");
session_register("pass");
header("location:score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if(!session_is_registered(user)){
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
I hope someone can find my mistake, thanks!
FYI session_register and session_is_registered are deprecated and will be removed from PHP. Also try to change your code to use mysqli or PDO. Plenty of articles explain how to do it. Finally, make sure you escape input from the user ($_POST array) because you never know what the user will send and you don't want to be prone to SQL injections. You really do not want to store passwords in clear text, so using SHA1 or MD5 is best.
Having written the above, your code becomes (you can use the $_SESSION global array directly):
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect to MySQL.");
mysql_select_db($db_name) or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = "SELECT * FROM $tbl_name "
. "WHERE username = '$user' "
. "AND password = sha1('$pass')";
$result = mysql_query($sql);
// There was an extra 0 here before the equals
$count = mysql_num_rows($result);
if ($count==1)
{
// Register $user, $pass send the user to "score.php"
$_SESSION['user'] = $user;
// You really don't need to store the password unless you use
// it somewhere else
$_SESSION['pass'] = $pass;
header("location: ./score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if (!isset($_SESSION['user']))
{
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
A couple of things
Change this line to the one with error checking i have put below it
$result= mysql_query($sql);
$result= mysql_query($sql) or die(mysql_error());
chances are there is an sql error and you are not picking it up, so the result will always have 0 rows
Also not sure if this line is a typo or not, there shouldn't be a 0 in there
$count 0= mysql_num_rows($result);