// I have updated my code php and improve my question
i have a login form, and when i wrong password i don't have this error:
"your are not register or your password is wrong !"
I have nothing, there is nothing that appears.
this is my code php, my data is mongodb :
<?php
if (isset($_POST['submit']) && $_POST['submit'] == "Login"){
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$error = array();
// Username Validation
if (empty($username)) {
$error[] = " <h2> complete username </h2>";
}
if (empty($password)) {
$error[] = " <h2> complete password</h2> ";
}
// connexion data
if (count($error) == 0)
{
$host = 'localhost';
$database_name = 'Projet';
$database_user_name = '';
$database_password = '';
$connection = new MongoClient();
if ($connection)
{
// select data
$database = $connection->$database_name;
// Select collection
$collection = $database->reg_users;
$user_data = array(
"username" => $username,
"password" => md5($password)
);
$result = $collection->find($user_data);
if ($result>0)
{
header("Location: Articles.php");
foreach ($result as $doc)
{
$_SESSION['email'] = $doc['email'];
$_SESSION['username'] = $doc['username'];
}
}else{
$error[] = " <h2> your are not register or your password is wrong ! </h2>";
}
} else {
$error[] = " no mongodb connection";
}
}
if(count($error) > 0)
{
foreach($error as $e)
{
echo $e;
}
}
}
isset will return a boolean result and therefor needs to be written more like this if you want that code block to execute:
if (isset($_POST['submit']) && $_POST['submit'] == "Login")
Related
At the very bottom I have posted what is visible on the webpage. Not sure what I'm doing, I will post other .php files that are linked to this if necessary. The webpage is also unusable, clicking login will do nothing except refresh the page. Not sure what changed but it was working before adding a few lines of code. I had trouble with new on login.php which accesses my database with connect.php
<?php
session_start();
include("classes/connect.php");
include("classes/login.php");
$email = "";
$password = "";
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$login = new Login();
$result = $login->evaluate($_POST);
if($result != "")
{
echo "<div style='text-align:center;font-size:12px;color:white;background-color:grey;'>";
echo "<br>The following errors occured:<br><br>";
echo $result;
echo "</div>";
}else
{
header("Location: profile.php");
die;
}
$email = $_POST['email'];
$password = $_POST['password'];
}
?>
This is what is displayed at the top of the webpage
'''
evaluate($_POST);
if($result != "")
{
echo "
else
{
header("Location: profile.php");
die;
}
$email = $_POST['email'];
$password = $_POST['password'];
}
?>
'''
My login.php class starting throwing errors due to changing
'''
$DB = new Database();
$result = DB->read($query);
'''
to
'''
$DB = Database();
$result = (new db)->read($query);
'''
Here is the login.php class I have stored in my classes folder
'''
<?php
class Login
{
private $error = "";
public function evaluate($data)
{
$email = addsLashes($data['email']);
$password = addsLashes($data['password']);
$query = "select * from users where email = '$email' limit 1 ";
$DB = Database();
$result = (new db)->read($query);
if($result)
{
$row = $result[0];
if($password == $row['password'])
{
//create session data
$_SESSION['site_userid'] = $row['userid'];
}else
{
$error .= "wrong password<br>";
}
}else
{
$error .= "No such email was found<br>";
}
return $error;
}
}
'''
This is able to connect to the database using the code from connect.php where I created the Database class
'''
<?php
class Database
{
private $host = "localhost";
private $username = "root";
private $password = "root";
private $db = "site_db";
function connect()
{
$connection = mysqli_connect($this->host,$this->username,$this->password,$this->db);
return $connection;
}
function read($query)
{
$conn = $this->connect();
$result = mysqli_query($conn,$query);
if(!$result)
{
return false;
}
else
{
$data = false;
while($row = mysqli_fetch_assoc($result))
{
$data[] = $row;
}
return $data;
}
}
function save($query)
{
$conn = $this->connect();
$result = mysqli_query($conn,$query);
if(!$result)
{
return false;
}else
{
return true;
}
}
}
?>
'''
I really think changing the new function messed everything up. I am following a tutorial which did not use (new db) and just new Database. Using new Database will throw a fatal error.
Looks like a copy/paste error where there's some duplicate code.
Is the following what you want?
<?php
session_start();
include("classes/connect.php");
include("classes/login.php");
$email = "";
$password = "";
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$login = new Login();
$result = $login->evaluate($_POST);
if($result != "")
{
echo "<div style='text-align:center;font-size:12px;color:white;background-color:grey;'>";
echo "<br>The following errors occured:<br><br>";
echo $result;
echo "</div>";
}else
{
header("Location: profile.php");
die;
}
$email = $_POST['email'];
$password = $_POST['password'];
}
?>
I am trying to create a login page, and everything works as expected, except for when a wrong username is entered, I get the error Notice: Trying to access array offset on value of type null for the line if ($_POST['username'] != $row['username']) { in the below code, and I do not understand enough to fix it, as I am still pretty new to this. Any help or suggestions would be greatly appreciated. Any advice on proper ways to write and/or execute my code is welcome as well, thank you.
session_start();
$DATABASE_HOST = "localhost";
$DATABASE_USER = "root";
$DATABASE_PASSWORD = "";
$DATABASE_NAME = "tasktracker";
$link = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASSWORD, $DATABASE_NAME);
if (mysqli_connect_errno()) {
exit("Failed to connect to database: " . mysqli_connect_error());
}
//Server side form validation
if ($_POST) {
if (!$_POST['username']) {
$error .= "A username is required!<br>";
}
if (!$_POST['password']) {
$error .= "A password is required!<br>";
}
if (strlen($_POST['password']) < 8) {
$error .= "Your password must be greater than 8 characters!<br>";
}
if (strlen($_POST['password']) > 30) {
$error .= "Your password must be less than 30 characters!<br>";
}
if ($error != "") {
$error = '<div class=""><p><strong>There were issues(s) in your form:</strong></p>' . $error . '</div>';
echo $error;
} else {
//Log user in
$query = "SELECT * FROM users WHERE username = '".mysqli_real_escape_string($link, $_POST['username'])."' LIMIT 1";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_assoc($result);
if ($_POST['username'] != $row['username']) {
$error = "That username is incorrect.";
} else if (md5(md5($row['id']).$_POST['password']) != $row['password']) {
$error = "That password is incorrect.";
} else {
echo 1;
}
if ($error != "") {
$error = '<div class=""><p><strong>There were issues(s) in your form:</strong></p>' . $error . '</div>';
echo $error;
} else {
exit();
}
}
}```
change this line
if ($_POST['username'] != $row['username']) {
$error = "That username is incorrect.";
}
by
if (!$result) {
$error = "That username is incorrect.";
}
because if $result is false or has 0 items then no user was found with this username
from the question above, currently I already create a login page. in the login page, I include 'email' as a session and I can borrow the 'email in all page'. Let say if I want to include other data to the session, for example, 'fullname', how to do?
Below is my login code
<?php
include("config/configPDO.php");
session_start();
$msg = "";
if(isset($_POST['submitBtnLogin'])) {
$user_id = trim($_POST['email']);
$email=explode('#',$user_id);
if (is_array($email)){
$user_id=$email[0];
}
$pwd = trim($_POST['pwd']);
if($user_id != "" && $pwd != "") {
$ldap_dn = "TOPGLOVE\\".$user_id;
$ldap_password = $pwd;
$ldap_con = ldap_connect("ldap://172.xx.xx.xx:xxx");
ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);
if(#ldap_bind($ldap_con,$ldap_dn,$ldap_password)){;
try {
$records = $conn->prepare("SELECT email, roles_id, pwd FROM users WHERE user_id = :user_id ");
$records->execute(
array(
'user_id' => $user_id,
)
);
$results = $records->fetch(PDO::FETCH_ASSOC);
$message = '';
if($results && count($results) > 0 ){
$_SESSION['login_user'] = $results["email"];
if($results["roles_id"] == "1"){
header("location: pages/dashboard/dashboard_admin.php");
}else if ($results["roles_id"] == "3"){
header("location: pages/dashboard/dashboard_super_admin.php");
}
} else {
echo "
<script>alert('You're not authorized to use this system')</script>
<script>window.location = 'index.php'</script>
";
}
} catch (PDOException $e) {
echo "Error : ".$e->getMessage();
}
} else{
echo "
<script>alert('Invalid Email or Password')</script>
<script>window.location = 'index.php'</script>
";
}
} else {
$msg = "Both fields are required!";
}
}
?>
As #Nick said, make sure the SESSION is started and the User has been logged in.
Then you can use $_SESSION Array, to add new elements.
$_SESSION['name'] = $your_var;
I'm working on a log in form that users a text file (users.txt) to validate username/password against. I cannot use MYSQL for this.
The text file records are in this format:
user one:user1#email.com:user1:password1
user two:user2#email.com:user2:password2
If it validate just the USERNAME only, then it successfully checks the user: if ($currUser == $userUsername) {$valid = true; break;}BUT if I then try to validate both username and password I get the wrong result.($currUser == $userUsername && $currPass == $userPass) {$valid = true; break;} Results in "Invalid username or password"
I can't figure out what I'm doing wrong? When I echo the username and passwords they are a match!!!
SCRIPT:
if(isset($_POST['submit'])){
$form_is_submitted = true;
//FORM PROCESSING
if(isset($_POST['userName']) && isset($_POST['password'])) {
$currUser = $_POST['userName'];
$currPass = $_POST['password'];
$valid = false;//flag
while (!feof($fileHandle)) {
$userRow = fgets($fileHandle);
$userDetails = explode(':', $userRow);
if (!isset($userDetails[2])) {
$userDetails[2] = null;
}
if (!isset($userDetails[3])) {
$userDetails[3] = null;
}
$userUsername = $userDetails[2];
$userPass = $userDetails[3];
if ($currUser == $userUsername /*&& $currPass == $userPass*/) {
$valid = true;
//break;
}
}
if ($valid) {
echo "<br> $userUsername logged in sucessfully<br>";
} else {
echo "<br>Invalid user name or password<br>";
//FOR DEGUGGING ONLY!
echo $currUser . $userUsername;
echo $currPass . $userPass;
echo $_POST['password'];
echo $_POST['userName'];
}
} else {
$errors_detected = true;
$errors['not set'] = "Please enter username and password";
}
}
the fgets() function returns a line INCLUDING the linefeed \n (and the carriage return \r if its there). that means you have to remove those.
just change this:
$userPass = $userDetails[3];
to this:
$userPass = trim($userDetails[3]);
and it should work
// I have updated my code php and improve my question
i have a login form, and when i wrong password i don't have this error:
"your are not register or your password is wrong !"
I have nothing, there is nothing that appears.
this is my code php, my data is mongodb :
<?php
if (isset($_POST['submit']) && $_POST['submit'] == "Login"){
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$error = array();
// Username Validation
if (empty($username)) {
$error[] = " <h2> complete username </h2>";
}
if (empty($password)) {
$error[] = " <h2> complete password</h2> ";
}
// connexion data
if (count($error) == 0)
{
$host = 'localhost';
$database_name = 'Projet';
$database_user_name = '';
$database_password = '';
$connection = new MongoClient();
if ($connection)
{
// select data
$database = $connection->$database_name;
// Select collection
$collection = $database->reg_users;
$user_data = array(
"username" => $username,
"password" => md5($password)
);
$result = $collection->find($user_data);
if ($result>0)
{
header("Location: Articles.php");
foreach ($result as $doc)
{
$_SESSION['email'] = $doc['email'];
$_SESSION['username'] = $doc['username'];
}
}else{
$error[] = " <h2> your are not register or your password is wrong ! </h2>";
}
} else {
$error[] = " no mongodb connection";
}
}
if(count($error) > 0)
{
foreach($error as $e)
{
echo $e;
}
}
}
isset will return a boolean result and therefor needs to be written more like this if you want that code block to execute:
if (isset($_POST['submit']) && $_POST['submit'] == "Login")