I have created a simple log in page but the code isn't working. I tried checking console but it was not giving me any errors. The out put is "0 results". I tried to correct it but i couldn't. Please see the code for your reference:
Could you guys tell me the error?
<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
include ('conn.php');
$un = isset($_POST['name']);
$up = isset($_POST['pass']);
$query = "select * from login where l_name = '$un' AND l_pass = '$up'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1 && !empty($un) && !empty($pa))
echo"Your Successfully Logged";
else
echo"You Failed";
}
}
else{
echo "0 result";
?>
<form name="form1" method="POST">
<fieldset>
<legend> Log in </legend>
<label> Username: <input type="text" name="name" />
<label> Password :<input type="text" name="pass" />
</fieldset>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
The problem is with these lines:
$un = isset($_POST['name']);
$up = isset($_POST['pass']);
Replace them with the below ones. They should read:
$un = isset($_POST['name']) ? $_POST['name'] : '';
$up = isset($_POST['pass']) ? $_POST['pass'] : '';
A more robust code will be:
<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
include ('conn.php');
$un = isset($_POST['name']) ? $_POST['name'] : '';
$up = isset($_POST['pass']) ? $_POST['pass'] : '';
if(empty($un) || empty($up))
{
echo 'Please fill in the name and password fields';
}
else
{
$un = mysqli_real_escape_string($conn, $un);
$up = mysqli_real_escape_string($conn, $up);
$query = "select * from login where l_name = '$un' AND l_pass = '$up'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1){
echo"Your Successfully Logged";
}
else{
echo"You Failed";
}
}
}
else{
echo "0 result";
}
}
?>
<form name="form1" method="POST">
<fieldset>
<legend> Log in </legend>
<label> Username: <input type="text" name="name" />
<label> Password :<input type="text" name="pass" />
</fieldset>
<input type="submit" name="submit" value="Submit">
</form>
</body>
<?php
include ('conn.php');
if(isset($_POST['name']) && $_POST['name']!='')
{
$un = $_POST['name'];
}
if(isset($_POST['pass']) && $_POST['pass']!='')
{
$up = $_POST['pass'];
}
$query = "select * from `login` where `l_name` = '".$un."' AND `l_pass` = '".$up."'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1 && !empty($un) && !empty($pa))
echo"Your Successfully Logged";
else
echo"You Failed";
}
}
else{
echo "0 result";
?>
There are a few errors:
$un = $_POST['name'];
$up = $_POST['pass'];
you forgot to close your else:
else{
echo "0 result";
}
and some notes:
Give an error when the mysqli_query fails.
Encrypt the password
You're open to mysql injection
Related
I'm relatively new to PHP and MySQL, I am trying to learn how to create a user profile page that allows users to edit their information. The issue I am having is that some fields do not change, such as the username, email, and contact field. However, I am able to change the name field alone but not with the other fields. I don't get redirected back and no errors pop up, so I am unsure as to how to fix the issue. Below is my code.
<?php
include 'db_conn.php';
session_start();
if (!isset($_SESSION['userid'])){
header("Location:login.php");
}
$select = mysqli_query($con, "SELECT * FROM user WHERE userid = $_SESSION[userid]") or die('query failed');
if(mysqli_num_rows($select) > 0){
$fetch = mysqli_fetch_assoc($select);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Profile</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/water.css#2/out/water.css">
</head>
<body>
<form action="update-profile-check.php" method="post">
<h2>PROFILE</h2>
<?php if (isset($_GET['error'])) { ?>
<p class="error"><?php echo $_GET['error']; ?></p>
<?php } ?>
<?php if (isset($_GET['success'])) { ?>
<p class="success"><?php echo $_GET['success']; ?></p>
<?php } ?>
<label>User Name</label>
<input type="text"
name="uname"
placeholder="User Name"
value="<?php echo $fetch['username']; ?>"><br>
<label>Name</label>
<input type="text"
name="name"
placeholder="Name"
value="<?php echo $fetch['name']; ?>"><br>
<label>Email</label>
<input type="text"
name="email"
placeholder="Email"
value="<?php echo $fetch['email']; ?>"><br>
<label>Contact</label>
<input type="text"
name="contact"
placeholder="Contact"
value="<?php echo $fetch['contact']; ?>"><br>
<button type="submit">Update Profile</button>
go back
change password
</form>
</body>
</html>
<?php
session_start();
include "db_conn.php";
$select = mysqli_query($con, "SELECT * FROM user WHERE userid = $_SESSION[userid]") or die('query failed');
if(mysqli_num_rows($select) > 0){
$fetch = mysqli_fetch_assoc($select);
}
$oguname = $fetch['username'];
$ogemail = $fetch['email'];
$ogcontact = $fetch['contact'];
$ogname = $fetch['name'];
$userid = $_SESSION["userid"];
if (isset($_POST['uname']) || isset($_POST['name']) || isset($_POST['email']) || isset($_POST['contact'])) {
function validate($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$uname = validate($_POST['uname']);
$name = validate($_POST['name']);
$email = validate($_POST['email']);
$contact = validate($_POST['contact']);
$user_data = 'uname='. $uname. '&name='. $name. '&email='. $email. '&contact='. $contact;
if (empty($uname)) {
header("Location: update-profile.php?error=User Name is required&$user_data");
exit();
}
else if(empty($name)){
header("Location: update-profile.php?error=Name is required&$user_data");
exit();
}
else if(empty($email)){
header("Location: update-profile.php?error=Email is required&$user_data");
exit();
}
else if(empty($contact)){
header("Location: update-profile.php?error=Contact is required&$user_data");
exit();
}
else if(!preg_match("/^([a-zA-Z-' ]+)$/", $name)){
header("Location:update-profile.php?error=Name can only contain letters&$user_data");
exit();
}
else if (strlen($name) > 51){
header("Location:update-profile.php?error=Name is too long&$user_data");
exit();
}
else if ($oguname !== $_POST['uname']){
$sql = "SELECT * FROM user WHERE username='$uname' ";
$result = mysqli_query($con, $sql);
if (!preg_match("/^[A-Za-z][A-Za-z0-9]{2,16}$/", $uname)){
header("Location: update-profile.php?error=Username can only contain letters (a-z) and numbers (0-9) and must have a minimum of three characters and maximum of 15 characters&$user_data");
exit();
}
if (mysqli_num_rows($result) > 0) {
header("Location: update-profile.php?error=That username is already taken&$user_data");
exit();
}
}
else if($ogemail !== $_POST['email']){
$sql2 = "SELECT * FROM user WHERE email='$email' ";
$result2 = mysqli_query($con, $sql2);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: update-profile.php?error=Invalid Email&$user_data");
exit();
}
if (mysqli_num_rows($result2) > 0) {
header("Location: update-profile.php?error=That email has already been used!&$user_data");
exit();
}
}
else if ($ogcontact !== $_POST['contact']){
$sql3 = "SELECT * FROM user WHERE contact='$contact' ";
$result3 = mysqli_query($con, $sql3);
if(!preg_match("/^[89]\d{7}$/", $contact)){
header("Location: update-profile.php?error=Invalid Phone Number&$user_data");
exit();
}
if (mysqli_num_rows($result3) > 0) {
header("Location: update-profile.php?error=Phone number has already been used&$user_data");
exit();
}
}
else{
$sql4= "UPDATE user SET username = ?, email = ?, contact = ?, name = ? WHERE userid = ?; ";
$query = $con->prepare($sql4);
$query->bind_param("ssisi" ,$uname, $email, $contact, $name, $userid);
if ($query -> execute()){
header("Location: update-profile.php?success=Succesfully updated");
exit();
}else {
header("Location: update-profile.php?error=unknown error occurred&$user_data");
exit();
}
}
}
else{
header("Location:update-profile.php");
exit();
}
I am not sure as to why only the name field is able to be changed but the rest just redirects and changes nothing. Also, I am trying to incorporate more prepared statements to prevent SQL injections later on.
Solved this issue by removing the else statement with the $sql4.
I am not a professional at this, so that being said everything is fairly new to me. I've been researching and trying to figure out my error, but no luck :(. Am I using session_start() wrong? Here is my code:
profile.php This is the page I want it to echo in.
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
?>
<?php
}
else
{
header("location:login.php");
exit();
}?>
<div id='userid'> <?php echo $_SESSION['userid']; ?></div>
login.php
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
header("location:quotin.php");
exit();
}
$error = "";
if(isset($_POST['submit']))
{
$_SESSION['email'] = mysqli_real_escape_string($con, $_POST['email']);
$_SESSION['firstName'] = mysqli_real_escape_string($con, $_POST['fname']);
$_SESSION['lastName'] = mysqli_real_escape_string($con, $_POST['lname']);
$_SESSION['password'] = mysqli_real_escape_string($con, $_POST['password']);
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
$_SESSION['image'] = mysqli_real_escape_string($con, $_POST['image']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$checkBox = isset($_POST['keep']);
if(email_exists($email,$con))
{
$result = mysqli_query($con, "SELECT password FROM users WHERE email='$email'");
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['email'] = $email;
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: quotin.php");
}
}
else
{
$error = "Email Does not exists";
}
}?>
<body>
<div id="error" style=" <?php if($error !=""){ ?> display:block; <?php } ?> "><?php echo $error; ?></div>
<div id="wrapper">
<div id="menu">
Sign Up
Login
</div>
<div id="formDiv">
<form method="POST" action="login.php">
<label>Email:</label><br/>
<input type="text" class="inputFields" name="email" required/><br/><br/>
<label>Password:</label><br/>
<input type="password" class="inputFields" name="password" required/><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="submit" class="theButtons" value="login" />
</form>
</div>
</div>
</body>
signup.php
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
header("location:profile.php");
exit();
}
$error = "";
if(isset($_POST['submit']))
{ $_SESSION['email'] = mysqli_real_escape_string($con, $_POST['email']);
$_SESSION['firstName'] = mysqli_real_escape_string($con, $_POST['fname']);
$_SESSION['lastName'] = mysqli_real_escape_string($con, $_POST['lname']);
$_SESSION['password'] = mysqli_real_escape_string($con, $_POST['password']);
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
$firstName = mysqli_real_escape_string($con, $_POST['fname']);
$lastName = mysqli_real_escape_string($con, $_POST['lname']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$userid = mysqli_real_escape_string($con, $_POST['userid']);
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$image = $_FILES['image']['name'];
$tmp_image = $_FILES['image']['tmp_name'];
$imageSize = $_FILES['image']['size'];
$conditions = isset($_POST['conditions']);
$date = date("F, d Y");
if(strlen($firstName) < 3)
{
$error = "First name is too short";
}
else if(strlen($lastName) < 3)
{
$error = "Last name is too short";
}
else if(strlen($userid) > 8)
{
$error = "You need a longer username";
}
else if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error = "Please enter valid email address";
}
else if(email_exists($email, $con))
{
$error = "Someone is already registered with this email";
}
else if(strlen($password) < 8)
{
$error = "Password must be greater than 8 characters";
}
else if($password !== $passwordConfirm)
{
$error = "Password does not match";
}
else if($image == "")
{
$error = "Please upload your image";
}
else if($imageSize > 1048576)
{
$error = "Image size must be less than 1 mb";
}
else if(!$conditions)
{
$error = "You must be agree with the terms and conditions";
}
else
{
$password = password_hash($password, PASSWORD_DEFAULT);
$imageExt = explode(".", $image);
$imageExtension = $imageExt[1];
if($imageExtension == "PNG" || $imageExtension == "png" || $imageExtension == "JPG" || $imageExtension == "jpg")
{
$image = rand(0, 100000).rand(0, 100000).rand(0, 100000).time().".".$imageExtension;
$insertQuery = "INSERT INTO users(firstName, lastName, userid, email, password, image) VALUES ('$firstName','$lastName','$userid','$email','$password','$image')";
if(mysqli_query($con, $insertQuery))
{
if(move_uploaded_file($tmp_image,"images/$image"))
{
$error = "You are successfully registered";
}
else
{
$error = "Image is not uploaded";
}
}
}
else
{
$error = "File must be an image. PNG or JPG";
}
}
}?>
<body>
<div id="error" style=" <?php if($error !=""){ ?> display:block; <?php } ?> "><?php echo $error; ?></div>
<div id="wrapper">
<div id="menu">
Sign Up
Login
</div>
<div id="formDiv">
<form method="POST" action="signup.php" enctype="multipart/form-data">
<label>First Name:</label><br/>
<input type="text" name="fname" class="inputFields" required/><br/><br/>
<label>Last Name:</label><br/>
<input type="text" name="lname" class="inputFields" required/><br/><br/>
<label>Username:</label><br/>
<input type="text" name="userid" class="inputFields" required/><br/><br/>
<label>Email:</label><br/>
<input type="text" name="email" class="inputFields" required/><br/><br/>
<label>Password:</label><br/>
<input type="password" name="password" class="inputFields" required/><br/><br/>
<label>Re-enter Password:</label><br/>
<input type="password" name="passwordConfirm" class="inputFields" required/><br/><br/>
<label>Image:</label><br/>
<input type="file" name="image" id="imageupload"/><br/><br/>
<input type="checkbox" name="conditions" />
<label>I am agree with terms and conditions</label><br/><br/>
<input type="submit" class="theButtons" name="submit" />
</form>
</div>
</div>
</body>
connect.php I started to use session_start() here.
<?php
$con = mysqli_connect("localhost","root","****","database");
if(mysqli_connect_errno())
{
echo "Error occured while connecting with database ".mysqli_connect_errno();
}?>
functions.php
<?php
function email_exists($email, $con)
{
$result = mysqli_query($con,"SELECT id FROM users WHERE email='$email'");
if(mysqli_num_rows($result) == 1)
{
return true;
}
else
{
return false;
}
}
function logged_in()
{
if(isset($_SESSION['email']) || isset($_COOKIE['email']))
{
return true;
}
else
{
return false;
}
}?>
I'm also not sure why when I sign up, it doesn't register to my database. It did before I started to try and display username, but anymore. Any help is appreciated! Thank you!
The problem is in login.php
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
You are trying to store the userid in session but there is no POST variable set for it because you are submitting a login page containing only email & password.
And after successful query execution for login you are again storing an email and not the userid in session.
So after successful password comparison first store the userid in the session by retrieving it from db so that session gets a value which you are expecting on profile page.
So try doing:
$result = mysqli_query($con, "SELECT * FROM users WHERE email='$email'"); //Changed the query
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['userid'] = $retrievepassword['userid'];//storing the retrieved userid from db
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: quotin.php");
}
I am unable to authenticate using Php/mysql, using the following method. I used a form in order to login. Please check the following and help me out?
form.php
<html>
<body>
<h2>Authentication</h2>
<form action="login.php" method="post">
<label>Userid :</label>
<input type="text" id="userid" name="userid" >
<label>Password :</label>
<input type="password" id="password" name="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</body>
</html>
login.php
<?php
$message="";
if(count($_POST)>0) {
mysql_connect("localhost", "root", "kami123")or
die(mysql_error());
mysql_select_db("ccmsdb") or die(mysql_error());
$result = mysql_query("SELECT *FROM client WHERE
userid='" . $_POST["userid"] . "' AND
password = '". $_POST["password"]."'");
$count = mysql_num_rows($result);
if($count==0) {
$message = "Invalid Username or Password!";
} else {
$message = "You are successfully authenticated!";
}
}
?>
Besides what's already mentioned in the comments, you are missing a space in the query:
SELECT *FROM client WHERE
should be
SELECT * FROM client WHERE
Why don't you try PDO? MySQL functions are deprecated.
$err="";
(isset($_POST['email'], $_POST['pass'])) {
$email = $_POST['email'];
$pass = $_POST['pass'];
if(!empty($email) && !empty($pass)) {
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$err = 'Invalid email format.';
}
$dbc = new PDO('mysql:host=YOUR HOST;dbname=YOUR DBNAME', 'YOUR USERNAME', 'YOUR PASSWORD');
$stmt = $dbc->prepare("SELECT id, name, pass FROM client WHERE email =:email LIMIT 1");
$stmt -> bindValue(':email', $email);
$stmt -> execute();
while( $row = $stmt->fetch(PDO::FETCH_ASSOC) ){
if(password_verify($pass, $row['pass'])) {
//Logged In
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
header('Location:logged_in_user_page.php');
... bla bla ...
}else {
// Not Logged In
header('Location:not_logged_in_user_page.php');
}
}
}else {
$err = 'You have to provide an email and a password!';
}
}
I coded a login form, everythings work (connecting to db ,query, result). but I want to show login form or not! I should decide according to the $countResult variable. If it is equal 0, show Form! if it is 1 do not show form then redirect to other page.
$countResult is working until // it is working up to the here. Why?
<?php
session_start();
$_SESSION["username"] = "";
$_SESSION["userGroup"] = "";
require_once 'db.php';
$username ;
$usergroup ;
$loginError = "";
$usernameError = "";
$passwordError = "";
$query = "SELECT usergroup FROM personnel";
$result = "";
$queryResult = '';
static $countResult = 0 ;
$connectionLink = connectToDB();
$selectedDB = selectDB("ghiasvan" , $connectionLink);
static $showForm = True ;
if($_SERVER["REQUEST_METHOD"] == "POST"){
//global $showForm, $countResult;
if(!empty($_POST["username"]))
$username = trim($_POST["username"]);
else
$usernameError = "fill username";
if(!empty($_POST["password"]))
$password = trim($_POST["password"]);
else
$passwordError = "fill passowrd";
//echo password_hash($password, salt);
if(empty($password) && empty($username))
$loginError = "<b>fill username and password<b/>" ;
if(empty($passwordError) && empty($usernameError)){
$query .= " WHERE username = '$username' and password = '$password' ";
$queryResult = databaseQuery($query);
$countResult = mysql_num_rows($queryResult);
if($countResult == 0) {
$showForm = TRUE;
}
else if ($countResult == 1) {
$showForm = False;
$row = mysql_fetch_row($queryResult);
$usergroup = $row[0] ;
$_SESSION["userGroup"] = $usergroup;
}
}
} // end of if submit $_POST
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php
global $countResult;
if($countResult == 0){
$showForm = TRUE;
} else if ($countResult == 1) {
$showForm = FALSE;
}
if ($showForm){
echo "<title>Login Form</title>";
echo '<link href="/cafecalendar/css/login.css" rel="stylesheet" type="text/css" />';
}
?>
// it is working up to the here
</head>
<body>
<?php
if ( $countResult == 0 ){
?>
<div id="divForm">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">
<div id="inputPos">
Username :<br /><input type="text" name="username" id="username" /><br />
Password :<br /><input type="password" name="password" id="password" /><br />
<input type="submit" value="Login" name="submit" id="submit"><br />
<?php
if($loginError){
echo $loginError;
} else{
echo $usernameError . $passwordError;
}
?>
</div>
</form>
</div> <!-- end of div form -->
<?php
} // end of showing loggin form
else if ($countResult == 1){
if($usergroup == 1){
header("Location: http://localhost/ghias/admin.php");
die();
}
else if ($usergroup == 2){
header("Location: http://localhost/ghias/teacher.php");
die();
}
else {
header("Location: http://localhost/ghias/admin.php");
die();
}
}
?>
</body>
</html>
I think you should check if the form has been submitted or not, try like this:
<?php if(isset($_POST['submit'])):?>
<!--show your form here-->
<?php endif; ?>
i'm working on a dashboard for my users. I set it up by ranks and each rank can do there own thing. Now, I have three problems. One and two are about forms and another is about a redirection problem. These forms are not submitting into the database and I don't know why. The two forms are below. The third problem is redirecting. Since the system is setup by ranks I don't want ranks accessing other ranks dashboards. Its not redirecting the other ranks away from there dashboard as its all one login and when those ranks login it redirects them to there correct dashboard, but if say a partner goes to the admin dashboard, it lets them in which I don't want. Also I forgot to mention that when the user is logged in, it lets them back to the login page if they go to the login url which I don't want, I want it to redirect them to there dashboard. The forms are below.
First Form:
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE Id = '.$id.'");
if(isset($_POST['submit']))
{
$username1 = $_POST['username'];
$email1 = $_POST['email'];
$password1 = $_POST['password'];
$f_name = $_POST['f_name'];
$l_name = $_POST['l_name'];
$rank1 = $_POST['rank'];
$skype1 = $_POST['skype'];
$db->query("UPDATE users SET (Email, Username, FName, LName, Rank, SkypeID) VALUES(''.$email1.'', ''.$username1.'', ''.$f_name.'', ''.$l_name.'', ''.$rank1.'', ''.$skype1.'') WHERE Id = ".$id."");
}
?>
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE id='$id'");
while($row = $result->fetch_assoc())
{
$username = $row['Username'];
$email = $row['Email'];
$fname = $row['FName'];
$lname = $row['LName'];
$rank = $row['Rank'];
$skype = $row['SkypeID'];
}
?>
<form method="POST">
Username: <input type="text" name="username" value="<?php echo ($username); ?>"><br>
Email: <input type="email" name="email" value="<?php echo ($email);?>"><br>
Passowrd: <input type="password" name="password"><br>
First Name: <input type="text" name="f_name" value="<?php echo ($fname);?>"><br>
Last Name: <input type="text" name="l_name" value="<?php echo($lname); ?>"><br>
Rank: <input type="text" name="rank" value="<?php echo ($rank); ?>"><br>
Skype: <input type="text" name="rank" value="<?php echo ($skype); ?>">
<button type="submit" name="submit">Update User</button>
</form>
Second Form:
<?php
if(isset($_POST['submit']))
{
$c_name = $_POST['c_name'];
$v_link = $_POST['v_link'];
$v_title = $_POST['v_title'];
$v_desc = $_POST['v_desc'];
$v_tags = $_POST['v_tags'];
$m_sources = $_POST['m_sources'];
$s_requests = $_POST['s_requests'];
if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
{
echo 'You must fill in the first 5 fields.';
}
else
{
$getRank = $db->query("SELECT * FROM users WHERE username = ".$_SESSION['username']."");
while ($row = $getRank->fetch_assoc($getRank))
{
$usename = $row['username'];
$rank = $row['rank'];
}
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES (''.$username.'', ''.$rank.'', ''.$c_name.'', ''.$v_link.'', ''.$v_title.'', ''.$v_desc.'', ''.$v_tags.'', ''.$m_sources.'', ''.$s_requests.'')");
echo 'Form submitted successfully.';
}
}
?>
<form method="POST">
Channel name: <input type="text" name="c_name" required>*<br>
Video Link: <input type="text" name="v_link" required>*<br>
Video Title: <input type="text" name="v_title" required>*<br>
Video Description: <input type="text" name="v_desc" required>*<br>
Video Tags: <input type="text" name="v_tags" required>*<br>
Music Sources: <input type="text" name="m_sources"><br>
Special Requests: <input type="text" name="s_requests"><br>
<button type="submit" name="submit">Submit</button><br>
</form>
Now, heres the code I use to redirect a user away from the dashboards if its not there dashboard. It redirects not logged in users, but not like other users. Its supposed to only allow admins in.
<?php session_start();
if(isset($_SESSION['admin']))
{
$_SESSION['username'];
} else {
header("location: ../index.php");
} ?>
Now, heres the login script. I want it to redirect the ranks to there dashboard if they're logged in, I don't know how to implant this.
<?php
require 'core/config.php';
if(isset($_POST['submit']))
{
$username = $db->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
if(empty($username) or empty($password))
{
echo 'You must fill in both boxes!';
} else {
$query = $db->query("SELECT * FROM users WHERE username = '".$username."'");
while($row = $query->fetch_assoc())
{
$dbpassword = $row['Password'];
}
if($password !== $dbpassword)
{
echo 'Password was incorrect.';
} else {
$query1 = $db->query("SELECT * FROM users WHERE username='".$username."'");
while($rows = $query1->fetch_assoc())
{
$rank = $rows['Rank'];
}
if($rank === 'admin')
{
$_SESSION['admin'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="management/index.php";</script>';
}
elseif ($rank === 'partner')
{
$_SESSION['partner'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="partner/index.php";</script>';
}
elseif ($rank === 'trainee')
{
$_SESSION['trainee'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="trainee/index.php";</script>';
}
else
{
echo 'Account not found.';
}
}
}
}
?>
try this in your login script:
<?php
require 'core/config.php';
//assuming that you have already start your session at the very top
if(isset($_POST['submit']))
{
$username = $db->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
if(empty($username) or empty($password))
{
echo 'You must fill in both boxes!';
} else {
$query = $db->query("SELECT * FROM users WHERE username = '".$username."'");
while($row = $query->fetch_assoc())
{
$dbpassword = $row['Password'];
}
if($password !== $dbpassword)
{
echo 'Password was incorrect.';
} else {
$query1 = $db->query("SELECT * FROM users WHERE username='".$username."'");
while($rows = $query1->fetch_assoc())
{
$rank = $rows['Rank'];
}
if($rank === 'admin')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="management/index.php";</script>';
}
else if ($rank === 'partner')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="partner/index.php";</script>';
}
else if ($rank === 'trainee')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="trainee/index.php";</script>';
}
else
{
echo 'Account not found.';
}
}
}
}
?>
in your management/index.php or in the page where supposed to only allow admins in.
<?php session_start();
if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
{
$_SESSION['username'];
} else {
header("location: ../index.php");
} ?>
and with you saving, you just maybe forget the right quotations:
<?php
if(isset($_POST['submit']))
{
$c_name = $_POST['c_name'];
$v_link = $_POST['v_link'];
$v_title = $_POST['v_title'];
$v_desc = $_POST['v_desc'];
$v_tags = $_POST['v_tags'];
$m_sources = $_POST['m_sources'];
$s_requests = $_POST['s_requests'];
if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
{
echo 'You must fill in the first 5 fields.';
}
else
{
$getRank = $db->query("SELECT * FROM users WHERE username = '$_SESSION[username]'");
while ($row = $getRank->fetch_assoc($getRank))
{
$usename = $row['username'];
$rank = $row['rank'];
}
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");
echo 'Form submitted successfully.';
}
}
?>