I have this login code. When I write on a page to request someones username, I enter <?php echo $username; ?> but that's not the only thing I want to echo on the page. I also want to echo $website but that doesn't work. What am I doing wrong in the code? Is there a way to also add $website to the code so it echo's the
require('connect.php');
session_start();
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{
echo "";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Your username is " . $username;
echo "Your domain is " . $website;
} else {
?>
<!--loginpage follows here -->
EDIT
I mean when a customer registers their account, they need to fill out a form and they need to enter their site. How can I, by using the above script, echo the $website so they see their own website printed?
I think you want:
$website = $_SERVER['HTTP_REFERER'];
You can check out all of the possible information at the PHP man page at http://php.net/manual/en/reserved.variables.server.php.
EDIT - as per your edited question.
You simple need to check the $_POST for whatever they entered in a "webpage" field.
Such as and using a ternary operator:
$webpage = (isset($_POST['webpage'])) ? $_POST['webpage'] : "No webpage entered";
To get the name if the website use the php $_SERVER global variable
$website=$_SERVER['SERVER_NAME'];
if i didn't misunderstood your question,try to set $website variable like this way
if(isset($_POST['website'])){
$website=$_POST['website']; //from your form
}else{
$website="user didn't provide website name";
}
Related
I need to pass from php (ValidationLogin.php) some variables (email, password and ID) in the href of a , to access a HTML page that is specific for the logged in user. Can you tell me guys how to pass this variables into my href? Do not worry about SQL-Injection i'll fix it later...
CODE: ValidationLogin: (I pass my email and password into a session to use it afterwords)
<?php
// connect to the database
$db = new mysqli('', '', '', ''); //This is normaly filled and not empty
if ($db->connect_error)
{
die("Connection failed: " . $db->connect_error);
}
$arr = array();
$Email = $_REQUEST['email'];
$Passwd = $_REQUEST['passwd'];
$Query = "SELECT Passwd FROM place WHERE Email = '$Email'";
$DBResult = mysqli_query($db, $Query);
$DB_Hashed_Passwd = mysqli_fetch_assoc($DBResult);
$Hashed_Passwd = $DB_Hashed_Passwd["Passwd"];
if (password_verify($Passwd, $Hashed_Passwd))
{
$Query = "SELECT Id, Firstname FROM place WHERE Email = '$Email'";
$DBResult = mysqli_query($db, $Query);
$Place = mysqli_fetch_assoc($DBResult);
array_push($arr,$Place["Id"]);
array_push($arr,$Place["Firstname"]);
session_start();
$_SESSION['email'] = $Email;
$_SESSION['passwd'] = $Passwd;
echo json_encode($arr);
}
else
{
echo json_encode(null);
}
mysqli_close($db);
?>
index.php: (on this page i've a button that redirects me to a specific page so i need to pass email and password in the href --> this credentials are active into the session but i don't know how to pass them into the href):
<?php
$email = $_SESSION['email'];
$passwd = $_SESSION['passwd'];
if(isset($_SESSION['email']))
{
echo '<button><i class="fa fa-edit"></i> Manage My Drinks</button>';
}
?>
Could someone tell me how to fix it or tell me something better?
Thanks guys!
Session vars should be available and you don't have to pass them as parameters.
Just session_start(); should be called before checking them:
<?php
session_start();
$email = $_SESSION['email'];
$passwd = $_SESSION['passwd'];
if(isset($_SESSION['email'])) {
echo '<button><i class="fa fa-edit"></i> Manage My Drinks</button>';
}
?>
Good day.SO i am having an issue in that, when i create a session via a login and a user is authenticated, once i leave that page to say a different page, i am not whether the session is destroyed or not created in the first place, i require this page to hold the session so i can be able to query the users email from it, and use it to query the database to determine the username.
This is my submit.php, called once the user clicks login on the page.
<?php
session_start();
require_once('connect.php');
if(isset($_POST) & !empty($_POST)){
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password =$_POST['password'];
$sql = "SELECT * FROM `USERS` WHERE EMAIL='$email' AND ENCRYPTEDPWD='$password'";
$result = mysqli_query($connection, $sql);
$count = mysqli_num_rows($result);
if($count == 1){
$_SESSION['email'] = $email;
header("Location: Landing page.php");
exit();
}
else{
header("Location: customerportal.php?login=invalid");
exit();
}
}
?>
it redirects to the next page, the landing page.
This page should check email from the session, and then display a username.
<?php
session_start();
$_SESSION['email'] = $email;
$sql = "SELECT * FROM users WHERE EMAIL='$email';";
$result = mysqli_query($connection,$sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0){
while($row = mysqli_fetch_assoc($result)){
echo $row['username'];
}
}
else{
echo "No User.";
}
?>
Please help.
You have an issue with the landing page in below line:-
$_SESSION['email'] = $email;// here you are assigning to SESSION
It needs to be:-
$email = $_SESSION['email'];//assign value from SESSION to variable
So code needs to be like this:-
$email = $_SESSION['email'];
$sql = "SELECT * FROM users WHERE EMAIL='$email'";
Note:- Your code is wide-open for SQL INJECTION. Try to use prepared statements to prevent it.
mysqli::prepare
In your landing page, invert the line after session_start(): You are assigning an empty variable to overwrite your already saved session variable
$email = $_SESSION['email'];
If your query causes you problems after that, try concatenating $email
$sql = "SELECT * FROM users WHERE EMAIL='".$email."';";
I am trying to make login with angularjs and PHP. But hitting problem I cannot understand why?
<?php
date_default_timezone_set("Asia/Bangkok");
session_start();
$data = json_decode(file_get_contents("php://input"));
$email = mysql_real_escape_string($data->email);
$password = mysql_real_escape_string($data->password);
{
$con=mysqli_connect("localhost","root","thanh03021986","erp");
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"SELECT email, password FROM user WHERE email = '$email'");
$numrow = mysqli_num_rows($query);
if($numrow > 0){
while($rows = mysqli_fetch_array($query))
{
$dbemail = $rows['email'];
$dbpassword = $rows['password'];
}
$con->close();
if($email==$dbemail && $password == $dbpassword){
$_SESSION['uid'] = $email;
header('location:/A.php');
}
}
}
?>
When the If() return true the $_SESSION['uid'] = $email works but the header('location:/A.php'); does not work. I try to put header('location:/A.php'); out of IF(), header works ??? Please help and explain?
The session_start function must be called first as well as the header function must me called before any HTML code.
See the headerfunction manual
The redirection with header, you must be sure that there's nothing in the html already (not even the <html> tag), and an absolute path. So, you should do this in order to work:
header('Location: http://pathblablabla.bla/A.php');
Also, note that I put Location, not location. Not sure if it's case-sensitive, but just in case...
I've looked at lots of answers to redirect to a different page after submitting a form, but haven't been able to get it to work thus far, probably because I have no idea where to actually put the code. Can anyone help? The rest of this code is working fine, i just need to know where to place header():
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
//connects to database, checks username & password against database to see is user exists
if($username && $password)
{
include ("connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows !==0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//if username and password are correct
if($username==$dbusername&&md5($password)==$dbpassword)
{
echo "You are logged in. <a href='main.php'>Continue to site.</a>";
$_SESSION['username'] = $username;
}
//if password is incorrect
else
echo "Your password is incorrect.";
}
//if username is incorrect
else
die("Username does not exist.");
}
//if no information is submitted
else
die("Please enter your login details.");
//prevents errors from displaying on page
error_reporting(0);
?>
I also need to know where it goes for this page:
<?php
//Check if register button was pressed
$button = $_POST['button'];
//if button was pressed,
if ($button)
{
//get data from form,
$username = $_POST['username'];
$password = $_POST['password'];
$retype_password = $_POST['retype_password'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
}
//check if all information has been entered,
if ($username && $password && $retype_password && $first_name && $last_name)
{
//check if password and retype_password are the same
if($password==$retype_password)
{
//check if username already exists
include("connect.php");
$query = mysql_query("SELECT * FROM users WHERE username = '$username'");
$numrows = mysql_num_rows($query);
if($numrows == 0)
{
//encrypt password
$password = md5($password);
//sends data from form to database - creates new user
$register = mysql_query("INSERT INTO users VALUES ('', '$username', '$password', '$first_name', '$last_name')");
echo "You are now registered. <a href='main.php'>Continue to site.</a>";
}
else
echo "Username is unavailable.";
}
else
echo "Password did not match.";
}
//prevents errors from displaying on page
error_reporting(0);
?>
Thanks in advance!
if($username==$dbusername&&md5($password)==$dbpassword)
{
$_SESSION['username'] = $username;
header( 'Location: http://www.yoursite.com/new_page.html' ) ;
}
You should put it once the job is done : that is after
//echo "You are logged in. <a href='main.php'>Continue to site.</a>";
$_SESSION['username'] = $username;
header('Location: your url');
exit;
Don't forget the "exit" or what follow will be executed.
That said, you cannot echo something before a doing redirection, that's logical because the echo can't be seen.
So, either you do not echo :
$_SESSION['username'] = $username;
header('Location: your url');
exit;
Or you do a HTML (or javascript) redirection, with a 5 seconds delay:
echo "You are logged in. <a href='main.php'>Continue to site.</a>";
$_SESSION['username'] = $username;
exit;
In which case you have to put it in the < head > section, to do the HTML redirection:
<meta http-equiv="refresh" content="0; url=http://example.com/main.php" />
Also
error_reporting(0);
Should be put at the beginning of the page, unless you want errors for previous lines to be shown.
BUT : error_reporting(0); should NEVER be used on a development site (and always on a production site).
You should turn on display_errors('on') and error_reporting(E_ALL) to see errors - errors are very useful for a developer.
I am new to PHP scripting and come from Java background. Here is a trivial thing which has turned into a brainteaser for me as of now. So here is the problem, I assigned a variable some value and when try to use that value inside if/else statement that variable actually doesn't posses the previous assigned value to it. Here is the code:-
<?php
session_start();
$email = $_POST["Email"];
$password = $_POST["Password"];
$db_username="root";
$db_password="root";
$database="mydb";
$localhost = "mysql";
$con = mysql_connect($localhost,$db_username,$db_password);
mysql_select_db($database,$con) or die( "Unable to select database");
$query = "select * from photobook.users where email ='$email' and password ='$password';" ;
$result = mysql_query($query);
$num=mysql_num_rows($result);
if($num == 1){
while($row = mysql_fetch_array($result))
{
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
}
header("location: home.php");
}
else{
include "photoBookProtocol.php";
print "<br>email value after photobookprotocol file include is $email";
print "<br>password value after photobookprotocol file include is $password";
$obj=new Protocol();
$var = $obj->loginCheck($email,$password);
print "value of var received is $var";
if($var == 0){
session_destroy();
print "<br>user does not exist";
//header("location: login.php");
}
else{
$_SESSION['email'] = $var[0];
$_SESSION['username'] = $var[1];
print "<br>user exists";
header("location: home.php");
}
}
mysql_close($con);
?>
So when I pass the $email and $password in loginCheck($email, $password) inside "else" clause there is nothing passed. Any idea why this is happening?
There is nothing wrong with your variable scope, so either:
There is nothing in the POST data
The include overwrites the two variables
loginCheck() is receiving the correct variables but there is a bug within the function
As a side note, since your script depends on POST data, you should have a condition to check if the required data is present before proceeding:
if(isset($_POST['Email'], $_POST['Password']))
{
// something posted
}