I am trying to create a SignUp form for a web application I am developing and haven't programmed with mySQL in a while and when I fill out the HTML form I just get to a blank page (register.php) and no values are passed into the database table. The code, both HTML and PHP, are below. Any guidance as to what I'm missing or why this isn't passing through would be sincerely appreciated.
This is the HTML form to sign up:
<div class="panel-body">
Please fill out the form below.
<br>
<form action="register.php" method="post">
<div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" id="exampleInputEmail1" name="email" placeholder="Enter email">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" name="password" placeholder="Password">
</div>
<button type="submit" class="btn btn-default">Sign Up</button>
</form>
And here is the code on register.php:
$user = "smartkrawldb";
$pass = "Nixon15!";
$db = new PDO( 'mysql:host=XX.XXX.XXX.XX,dbname=smartkrawldb, $user, $pass);
$form = $_POST;
$email = $form['email'];
$password = $form['password'];
$sql = "INSERT INTO users ( email, password) VALUES ( :email, :password)";
$query = $db->prepare( $sql );
$query->execute( array(':email'=>$email, ':password'=>$password));
Does it work if you try this instead?
$email = $_POST['email'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$pass}';
I highly recommend you to switch over to PHP's PDO Object workflow instead, so much more secure and easy to work with.
$_POST['submit'] is passing no value (it'a submit button), at all.
try to var_dump, changing your last lines to this:
if(isset($_POST['submit'])) {
signUp();
}
else {
echo "the problem with post_submit is that is not here inside: ";
var_dump($_POST);
}
to get an idea of what is inside the $_POST superglobal.
cheers!
Related
I am learning MySQL and PHP and I trying to build a simple login webpage and connect with MySQL.
I have built the page with HTML and CSS, also I downloaded PHP and installed MySQL, I am getting confused about how to combine those things and when I input my password and username it will go to successful page.
I am not seeking an answer but need some suggestions for the next step.
PLEASE NOTE - the way my SQL queries are written here are open to SQL injection (see here to get the changes you would need to make)
So to start. You want to create a database table to store your users, a form to create users, and some code to query the data into the database.
i would start with a form like this:
<form method="post" class="mt-3">
<input type="hidden" name="do" value="create" />
<div class="form-group">
<label for="itemName">First Name</label>
<input type="text" class="form-control" name="firstName">
</div>
<div class="form-group">
<label for="serialNumber">Last Name</label>
<input type="text" class="form-control" name="lastName">
</div>
<div class="form-group">
<label for="serialNumber">Username</label>
<input type="text" class="form-control" name="userName">
</div>
<div class="form-group">
<label for="serialNumber">Password</label>
<input type="password" class="form-control" name="passWord">
</div>
<a id="create-member" class="btn btn-success text-white">Submit</a>
</form>
then you want some code that will take the values you have in that form and turn them into a query to add that info into your table.
if(isset($_POST['do'])) && $_POST['do'] == 'create'
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$username = $_POST['userName'];
$password = password_hash($_POST['passWord'], PASSWORD_BCRYPT);
$sql = "INSERT INTO members (first_name, last_name, username, password) VALUES ('".$firstName."', '".$lastName."', '".$username."', '".$password."')";
mysqli_query($conn, $sql); //$conn is set in my header file and included into every page.
}
That is pretty much the process for creating a user and adding it to your table, obviously you'll have to break it down and change values to what you have in your table etc.
Next it's the case of verifying a login.
first, a login form:
<form method="post">
<input type="hidden" name="do" value="login" />
<div class="form-group">
<label for="usename">Username</label>
<input type="text" class="form-control" id="username" name="username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password">
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
and then an authentication query to follow, this will take the info in the login page, hash the password you entered and then compare it with the one in your database.
if (isset($_POST['do']) && $_POST['do'] == 'login')
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT id, first_name, last_name, password FROM members WHERE username= '$username'";
$query = mysqli_query($conn, $sql) or die(mysqli_error($conn));
if($query->num_rows == 0)
{
echo "Username or password incorrect";
}else{
$data = mysqli_fetch_array($query);
if(!password_verify($password, $data['password']))
{
echo "Username or password incorrect";
}else{
session_regenerate_id();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $_POST['username'];
$_SESSION['member_id'] = $data['id'];
$_SESSION['first_name'] = $data['first_name'];
$_SESSION['last_name'] = $data['last_name'];
}
}
}
}
?>
don't be scared about the $_SESSION variables at the bottom, i just set all user data as that so it's easier to access it on other pages, then i just follow with a header to my index.php page. In my header i also check to see that $_SESSION['loggedin'] is set to true and if not it redirects them to the login page (also be care to take into account the user might be on the login page, you dont want a redirect error)
This is my first detailed answer on this site so i hope it helps you :)
i have a registration form where it has a password field and a confirm password field. I would like the password and confirm password fields to be the same so it can register the new users information.
form:
<form class="form-signin" name="Register_Form" method="post" action="regcheck.php">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="inputPassword" class="form-control" placeholder="Password" required>
<label for="CPassword" class="sr-only">Confirm Password</label>
<input type="password" id="CPassword" name="CPassword" class="form-control" placeholder="Confirm Password" required>
<button class="btn btn-lg btn-primary btn-block" type="reg" name="reg" value="Register">Register</button>
</form>
require_once 'connect.php';
if (isset($_POST['reg'])){
//$dob = $_POST['date'];
$dob = date('Y-m-d', strtotime($_POST['date']));
$Student_ID = $_POST['Student_ID'];
$gender = $_POST['gender'];
$course = $_POST['Course'];
$email = $_POST['inputEmail'];
$password = $_POST['inputPassword'];
$cpassword = $_POST['CPassword'];
$FN = $_POST['FirstName'];
$SN = $_POST['SecondName'];
if ($password === $cpassword) {
// success!
$sql = "INSERT INTO tblaccounts (Email, Password, Student_ID, FirstName, SecondName, Course, Gender, DoB) VALUES ('".$email."','".$password."','".$Student_ID."','".$FN."','".$SN."','".$course."','".$gender."','".$dob."')";
$result = mysqli_query($connection, $sql) or die("Database Connection Failed" . mysqli_error($connection));
//$count = mysqli_num_rows($result);
echo "Registeration Successful!:";
header('Location: login.php');
}
else {
// failed :(
}
} else {
echo "Registeration Failed!:";#
?><br/>Go back to the login screen.<?php
}
I'm not sure to understand your question, in fact your code seems (in a crude way) to achieve your goal. However your script will fail at the time to redirect to login.php using header(), due you already have sent information to the client. That happens when you process your data in the same script you have used to display the form fields. I recommend you to send the form's data to another script.
I am trying to create a login system using php. What I am trying to create is to have a page that ask for username, password, email. Then when the user fill in the fields to go to the next page where the user will be asked to put his username and password in order to login to the system. Moreover, I have created something but is not working properly. The form is submitted correctly and I receive the data into my database but when the user tries to login into the system it will only allow the LAST user that registered, to login with his credentials into the system. For all the other users that are registered also, the login is not working. Please can someone help to solve this issue?
Thanks.
My HTML and PHP Code:
<div class="container">
<div class="row">
<div class="col-xs-12">
<h2>Please sign in with your username<br>
and password to complete the form... Thanks!!!</h2>
<form method="post" action="success.php">
<?php
if(isset($_POST['login'])) {
$username = $_POST['user_username'];
$password = $_POST['user_password'];
$query = "SELECT * FROM users_info";
$result = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($result)) {
$db_username = $row['user_username'];
$db_password = $row['user_password'];
}
if($username !== $db_username) {
echo "Username does not exist";
}else if ($password !== $db_password) {
echo "Password does not exist";
}else {
header("Location: form.php");
}
}
?>
<div class="form-group">
<label for="user_username">Enter Username</label>
<input type="text" name="user_username" class="form-control" required>
</div>
<div class="form-group">
<label for="user_username">Enter Password</label>
<input type="password" name="user_password" class="form-control" required>
</div>
<div class="form-group">
<input type="submit" name="login" value="Log In" class="btn btn-success">
</div>
</form>
</div>
</div>
</div>
You have to use a condition inside your loop. Because what you are doing is wrong. Please get in touch with more PHP basics and some basic login systems.
Your SQL-Query should be look like this:
$query = "SELECT * FROM users_info WHERE user_username ='". mysqli_real_escape_string(CONNECTION_VAR, $username). "' AND user_password ='". mysqli_real_escape_string(CONNECTION_VAR, $password ). "' LIMIT 1";
CONNECTION_VAR - your connection id to the database
So you get only one row, if it matches (the password and user name). You can easily fetch it like this:
$row = mysqli_fetch_assoc($result);
So you can work with the data in $row.
But please have attention to the following:
get in touch with basic php
get in touch with basic (My)SQL stuff
crypt/encrypt and hash passwords. Do NEVER use clear passwords in the database
Also learn how to use mysql classes.
Simple Login/Register system: http://codingcyber.com/simple-user-registration-script-in-php-and-mysql-84/
- But please keep in mind of hashing or salting the password. Also escape everthing before using data in a query!
You need to limit the query to pull only the user information that is attempting to log in. Note, this doesn't cover the incoming comments about SQL Safety or error reporting. I strongly suggest you do error checking to see if the fetched results are empty, then move forward.
<div class="container">
<div class="row">
<div class="col-xs-12">
<h2>Please sign in with your username<br>
and password to complete the form... Thanks!!!</h2>
<form method="post" action="success.php">
<?php
if(isset($_POST['login'])) {
$username = $_POST['user_username'];
$password = $_POST['user_password'];
//Fetch matching user data
$query = "SELECT * FROM users_info WHERE user_username = '$username' AND user_password = '$password'";
$result = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($result)) {
$db_username = $row['user_username'];
$db_password = $row['user_password'];
}
if($username !== $db_username) {
echo "Username does not exist";
}else if ($password !== $db_password) {
echo "Password does not exist";
}else {
header("Location: form.php");
}
}
?>
<div class="form-group">
<label for="user_username">Enter Username</label>
<input type="text" name="user_username" class="form-control" required>
</div>
<div class="form-group">
<label for="user_username">Enter Password</label>
<input type="password" name="user_password" class="form-control" required>
</div>
<div class="form-group">
<input type="submit" name="login" value="Log In" class="btn btn-success">
</div>
</form>
</div>
</div>
</div>
Hi I am trying to make a registration form that sends input data to phpmyadmin's database I created. I think I mixed up MySQLI and MySQL any suggestions on how to fix would be great!! I just dont understand why my data is not being sent over to the database on phpmyadmin.
PHP:
// connect to database
$db = mysqli_connect("127.0.0.1", "root", "", "user logins");
if (isset($_POST['register_btn'])) {
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$emailAddress = mysql_real_escape_string($_POST['emailAddress']);
$password = mysql_real_escape_string($_POST['password']);
$password2 - mysql_real_escape_string($_POST['password2']);
}
if ($password == $password2) {
// create user
$password = md5($password); //hash password before storing for security
$sql = "INSERT INTO user logins(firstName, lastName, emailAddress, password) VALUES('$firstName', '$lastName' '$emailAddress', '$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "You are now logged in";
$_SESSION['username'] = $username;
header('location: homepage.html'); //redirect to homepage
} else {
$_SESSION['message'] = "The two passwords do not match";
}
?>
HTML:
<link rel="stylesheet" type="text/css" href="custom.css">
<body class="background">
<div>
<h1 class="header1">Sign in Below</h1>
</div>
<div>
<form action="connect.php" method="post">
<div>
<label for="firstName">First Name:</label>
<input type="text" name="first_name" id="firstName">
</div>
<div>
<label for="lastName">Last Name:</label>
<input type="text" name="last_name" id="lastName">
</div>
<div>
<label for="emailAddress">Email Address:</label>
<input type="email" name="email" id="emailAddress">
</div>
<div>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</div>
<div>
<label for="password2">Repeat Password:</label>
<input type="password" name="password2" id="password2">
</div>
<input type="submit" name="register_btn" value="register">
</form>
</div>
</body>
Have you put in a password?
Is your database on your local machine?
Is your database table called user logins (with a space)
Is root your login?
Is your PHP file called connect.php?
Any error messages?
What happens when you click the form button
Sorry just a few things that crossed my mind that might help determine the problem.
You may just need to remove the following curly bracket
$password2 - mysql_real_escape_string($_POST['password2']);
}
and add it at the end of you file so it runs with your isset() function
$_SESSION['message'] = "The two passwords do not match";
}
}
?>
I don't think "user logins" is a valid table name. Change it to "user_logins", or at the very least, use the quote ` around the table name.
INSERT INTO `user logins`(
OR
INSERT INTO user_logins(
Second one you have to rename the table in phpmyadmin. As a general rule, you want to quote table names no matter what. Because sometimes your table name is a MySQL-reserved keyword. It's just good practice.
Also, the 4th parameter in mysqli_connect is database name. So is your database named "user logins"? Don't confuse table name with database name.
solved:(a small mistake)
this line is not a assignment :
$password2 - mysql_real_escape_string($_POST['password2']);
to
$password2 = mysql_real_escape_string($_POST['password2']);
( - ) must be converted to (=)
The problem I have: I made a "contact" form, which should send data to my database. All works good, no errors after I access the page from localhost, shows the result I wanted to see, but the database (localhost/phpmyadmin/..) doesn't update with any info.
This is my PHP:
if(isset($_POST['insert']))
{
$hostname = 'localhost';
$username = 'root';
$password = '';
$databaseName = 'nig';
$Nume = $_POST['nume'];
$Email = $_POST['email'];
$Telefon = $_POST['telefon'];
$Subiect = $_POST['subiect'];
$Mesaj = $_POST['mesaj'];
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$query = "INSERT INTO `amar` (`nume`, `email`, `telefon`, `subiect`, `mesaj`) VALUES ('$Nume','$Email','$Telefon','$Subiect','$Mesaj')";
$result = mysqli_query($connect,$query);
if($result)
{
echo 'Mesaj trimis.';
}else{
echo 'Mesaj netrimis';
}
mysqli_free_result($result);
mysqli_close($connect);
This is my HTML:
<form action="insert2.php" action="post">
<form role="form">
<div class="form-group">
<label for="nume">Nume complet</label>
<input type="text" class="form-control" name="nume">
</div>
<div class="form-group">
<label for="email">Adresa e-mail</label>
<input type="text" class="form-control" name="email">
</div>
<div class="form-group">
<label for="telefon">Telefon</label>
<input type="text" class="form-control" name="telefon">
</div>
<div class="form-group">
<label for="subiect">Subiect</label>
<input type="text" class="form-control" name="subiect">
</div>
<div class="form-group">
<label for="mesaj">Mesaj</label>
<textarea class="form-control" name="mesaj" rows="8"></textarea>
</div>
<input type="submit" name="insert" class="btn btn-theme" value="insert"></button>
</form>
And the result should be data in my MySQL. but the database isn't getting any data, what am I doing wrong?
You have two form tags, one inside the other.
Change this....
<form action="insert2.php" action="post">
<form role="form">
To this...
<form action="insert2.php" action="post">
Also, please note, your PHP code is open to SQL injection. Never trust user input. Always validate and/or escape user entered data prior to using it in a query. Or better yet, used prepared statements or stored procedures.
Update 1:
OK, sorry to hear this is not working. Please add the following mysqli error debugging so we can see what is happening.
Change this...
$result = mysqli_query($connect,$query);
To this...
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$result = mysqli_query($connect,$query)
if (!$result)) {
printf("Errormessage: %s\n", mysqli_error($connect));
}
Then run the code and see if you get any errors that may help us.
Update 2:
OK, try another piece of debugging.
After this...
$query = "INSERT INTO `amar` (`nume`, `email`, `telefon`, `subiect`, `mesaj`) VALUES ('$Nume','$Email','$Telefon','$Subiect','$Mesaj')";
Add this...
die($query);
Save and run the code.
You will be given a SQL query. Copy and paste that SQL query and run it in your database management tool (phpMyAdmin for example). See if the record is added when you manually run the query or if you are given any errors.
Let us know the outcome.