I am learning PHP, and I'm busy with this tutorial over here:
https://www.youtube.com/watch?v=kebwxI1Bw88
I did everything according to the video and went over it 3 times, but my script isn't working... and I was wondering if anyone can help me figure out why? My code seems to be exactly like the guy's code on the video.
The video is about creating the login functionality for a forum. What happens with my script is.... It does what it's supposed to when I type in the WRONG user/pass combination (showing the message that it's supposed to show). But, when I type in the RIGHT user/pass combination... The file redirects to the index like it's supposed to... but it's still displaying the login form and not showing the "You are logged in as _ " message.
My Login Form on the index page:
if (!isset($_SESSION['uid'])) {
echo "<form action='login_parse.php' method='post'>
Username: <input type='text' name='username' />
Password: <input type='password' name='password' />
<input type='submit' name='submit' value='Log In'>
";
} else {
echo "<p>You are logged in as ".$_SESSION['username']." $bull; <a href='logout_parse.php'>Logout</a>";
}
My login_parse.php file:
session_start();
include_once("connect.php");
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: index.php");
exit ();
} else {
echo "Invalid login information. Please return to the previous page. ";
exit ();
}
}
Check if $_SESSION['uid'] has a value.
print_r($_SESSION);
to see all the values
Related
I have searched and tried all the suggestions but no luck. Can you help someone who has come back to php, found php7 and is a little confused?
I have code for a simple login; I have a confirmed connection to MySQL and have (finally) eradicated all errors - but when I complete the fields I get nothing: no error message, not a message saying my password is either wrong or not recognized, not a message to say the email is in the wrong format - nothing. I should get a print saying, "You are logged in. Please click here" with a hyperlink.
This is my code:
<?php
{
include_once 'mysqlconnect.php';
include_once 'functions.php';
$error = $user = $pass = "";
$query = "SELECT user,pass FROM password
WHERE user='$user' AND pass='$pass'";
if (mysqli_num_rows(queryMysqli($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
echo ("You are now logged in. Please
<a href='C:\xampp/htdocs//xxxx/xxxc_member.php?view=$user'>click here</a>.");
}
}
?>
<form action='valid.php' method='POST'>
<fieldset>
<legend>Enter a password and email address</legend>
<p>Password : <input type='password' name='pass'></p>
<p>Email Address : <input type='text' name='user'></p>
</fieldset>
<p><input type='submit' ></p>
</form>
And this is the relevant function:
function querymysqli($query)
{
$con = #mysqli_connect('localhost', 'xxxxxx', '', 'xxxxxx');
{
$result = mysqli_query($con, $query) or die(mysqli_error());
return $result;
}
}
From this I am not getting any result. If someone could explain my error I would be very grateful - thank you.
It must be mysqli_query and not queryMysqli.
I tried entering the header location as shown below but it does not redirect when the user successfully logs in. I have had success using this function when accessing the member.php page using the URL and it worked perfectly, redirected the user to the log in page.
I would like to know if there is something wrong with the code I have. Please do your part and guide me if ya can :) thank you!
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("", "", "") or die ("Couldn't connect!");
mysql_select_db("") or die("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
}
?>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<html>
<div class="container">
<div class="form_wrapper">
<form action='login.php' method='POST'>
<?php if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row ['username'];
$dbpassword = $row ['password'];
}
// check to see if they match!
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION['username']=$username;
header ("Location: member.php");
exit();
}
else
echo "Incorrect password!";
}
else
die("User does not exist!");
?>
<br><br>
<input type='text' name='username' placeholder="Username"><br><br>
<input type='password' name='password' placeholder="Password"><br><br>
<input type='submit' value='Log In'>
</form>
</div>
</div>
</html>
Switch those 2 lines to start with:
header ("Location: member.php");
$_SESSION['username']=$username;
To:
$_SESSION['username']=$username;
header ("Location: member.php");
Otherwise, you're moving away before the session is set.
Edit: Also make sure a php page that uses header('location... does not display any other text in the browser. It won't be able to change the header if there is some kind of output already.
First of all, Santy is right with switching to this:
$_SESSION['username']=$username;
header("Location: member.php");
But, also add this after header:
exit();
To stop PHP immediately and get out to your location.
So I'm building a website for PHP & MySQL practice and I'm attempting to set up a member's system. What is supposed to happen is the user goes to the login page and logs in using a registered username and password (Which works in the registration process) and then the page will refresh and take them to the 'members' area. Here's my code:
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) {
echo "<h1>Member Area</h1>";
echo "<p>Thanks for logging in! You are <b>" . $_SESSION['Username'] . "</b> and your email address is <b>" . $_SESSION['EmailAddress'] . "</b>.</p>";
} elseif(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<center>";
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
echo "</center>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please click here to try again.</p>";
}
} else {
echo "<center>";
echo "<h1>Login</h1>";
echo "<p>Thanks for visiting! Please either login below, or click here to register.</p>";
echo "<form method=\"post\" action=\"login.php\" name=\"loginform\" id=\"loginform\">";
echo "<label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br />";
echo "<label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo "<input type=\"submit\" name=\"login\" id=\"login\" value=\"Login\" />";
echo "</form>";
echo "</center>";
}
?>
So basically, the page loads and checks if the user is already logged in and if they are, it loads the members area. If not, it checks to see if the user is trying to log in and if not it shows the login form.
My problem is that, every time I or somebody else tries to log in, the page reloads, but instead of taking them to the 'member' area, it takes them back to the login form...
Also, at the top of the document I have a line which is:
<?php include "base.php"; ?>
and in the base.php file I have a session_start(), but maybe that is irrelevant?
Any suggestions? Thanks.
EDIT:
The code to register a user is in a different php file. Again, the base.php file with session_start(); is included at the top of the document:
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
} else {
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
} else {
echo "<h1>Register</h1>";
echo "<p>Please enter your details below to register.</p> ";
echo "<form method=\"post\" action=\"register.php\" name=\"registerform\" id=\"registerform\">";
echo " <label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br /> ";
echo " <label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo " <label for=\"email\">Email Address:</label><input type=\"text\" name=\"email\" id=\"email\" /><br />";
echo " <input type=\"submit\" name=\"register\" id=\"register\" value=\"Register\" />";
echo "</form>";
}
?>
You seem to be missing a
session_start()
at the top of that php script
Always ensure that session_start() is at the top of all other pages concerned also. I would use isset as apposed to !empty.
session_start();
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username'])) {
For every page you want to carry over the session to, you have to do
session_start();
even if the session is already created.
assuming you will want a logout page, when you are going to log the users out on a page like logout.php, you must have:
session_start();
session_destroy();
The session_start(); is necessary to destroy the session
mysql_real_escape_string is deprecated, use MySQLi or PDO instead!!!
Also a session_start(); might be useful to work with sessions.
I created a PHP script that allows a user on my website to change their password once registered, but am getting an error when I try to open it on the site. I believe it is due to a syntax error on my part but I can't seem to spot it. Can someone take a look and see what you can find? Here is the script:
<?php
session_start();
$user = $_SESSION['username'];
if ($user)
{
//user is logged in
if ($_POST['submit'])
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("Old password doesn't match!");
}
else
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
else
die ("You must be logged in to change your password");
}
?>
The error I am getting is as follows:
Notice: Undefined index: submit in /var/www/localhost/htdocs/changepassword.php on line 11
You must be logged in to change your password.
Thanks in advance for your help.
Well first you should notice that mysql is deprecated, use mysqli or PDO instead More info or like NullPointer has pointed More Good Info :)
change the end of your code like this to get the right results that you want for fail:
}else
die ("Nothing came from the $_POST variable");
}else
die ("You must be logged in to change your password");
The error that your getting is maybe because your $_POST variable isn't set, use isset() to check if $_POST was set.example:
if (isset($_POST['submit']))
{
//submit post was set
}else
{
//submit post wasn´t set
}
If you still not getting any value, check your form.
UPDATE:
to see the actual form you must end the isset before the form your code stays like this:
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("New password doesn't match!");
}else
die("Old password doesn't match!");
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
But you wont see it until your logged in. Your second problem is that your $user variable seems to dont have any value. after trying the above code if it wont work.
put this line after
$user = $_SESSION['username'];
echo 'Here it shold show the user: '.$user.'';
if it wont show up your not passing the session value right.
One more thing, if your form is pointing to same page, thats what it looks like change your line to this line:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method='POST'>
Your input html form has an extra space in it
<input type='submit' name ='submit' value='submit'>
Change it to
<input type='submit' name='submit' value='submit'>
You should also make sure
if (isset($_POST['submit']))
PLEASE dont comment on here telling me about my SQL injections, I already know :)...
Every time I use my login.html page (which is linked to the login.php file) the code generates the following message: 'Please enter a valid username and a password!'
The code was working fine earlier so i'm not sure what i have done wrong ...
The code is below :
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","user_ben","password") or die ("Couldn't Connect!");
mysql_select_db("user_phplogin"); //select database
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($query))
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Youre in! <a href='members.php'> Visit your user profile! </a>";
}
else
{
echo "Incorrect Password! <a href='login.html'> Return to login page</a>";
}
}
else
{
die("That user doesnt exist! <a href='login.html'> Return to login page</a>");
}
}
else
{
die("Please enter a valid username and a password! <a href='login.html'> Return to login page</a>");
}
?>
This is my form code...
<form action='login.php' method='submit'>
Username: <input type='text' name='username'/><br>
Password: <input type='password' name='password'/><br>
<input type='submit' value='Log In'/>
</form>
check like
if(!empty($username) && !empty($password))
it will check not empty also username and password is set
and
<form action='login.php' method='POST'>
since it default is GET (it mean if you dont type method it will be GET)
also you are using method="submit" there isn't any submit method
method (GET|POST) GET -- HTTP method used to submit the form--
w3 form:17.3 The FORM element
change
<form action='login.php' method='submit'>
to
<form action='login.php' method='POST'>
change
<form action='login.php' method='submit'>
to
<form action='login.php' method='POST'>
start login.php with this lines and answer:
<?php print_r($_POST);
and see what in the post