I'm trying to check if user entered password correctly both times, but when I press submit button when passwords don't match in the password fields, it still registers me successfully.
<?php
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password2']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '" . $username . "'");
if (mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
if ($_POST['password'] != $_POST['password2'])
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
} else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('" . $username . "', '" . $password . "', '" . $email . "')");
if ($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
} else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Member Registration</h1>
<p>Thanks for visiting! Please either Register below, or
click here to Sing In.
</p>
<br>
<br>
<div class="container" style="width:250px; height:100px;">
<form class="form-signin" method="post"
action="registrationsimple.php" name="registerform"
id="registerform">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username"
class="form-control" placeholder="Username"/><br/>
<label for="password">Password:</label>
<input type="password" name="password"
id="password" class="form-control"
placeholder="Password"/><br/>
<label for="password2">Password2:</label>
<input type="password" name="password2"
id="password2" class="form-control"
placeholder="Password"/><br/>
<label for="email">Email Address:</label>
<input type="text" name="email" id="email"
class="form-control" placeholder="Email Adress" ;/>
<br/>
<input type="submit" name="register" id="register"
value="Register" class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"/>
</fieldset>
</form>
<?php
}
?>
</div>
I found many confusing lines in your codes:
First, You declare for password A, but not password B. So, it should be:
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
Second, You declared the variables but not using it to validate, so it should be:
if ($password != $password2) {
Third, The IF and ELSE structure is not (confused what should I say), so pls check again THAT structure. that makes PHP & browser gets confused too.
Forth, You have email which you don't include it there in PHP scripts.
From the statements above, I suggest you to see this follows:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
if(empty($_POST['username']) && empty($_POST['password']) && empty($_POST['password2'])){
echo "<h1>Error</h1>";
echo "<p>Sorry, you must fill all the fields. Please go back and try again.</p>";
}
elseif ($password!=$password2) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
}
elseif (//validate the email here){
//.....................
}
else{
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
else{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
}
else{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
//REMOVE ELSE IN THIS FOLLOWS!
else{
//............ ?????????????????????
}
?>
And at Last, Please change into MySQLI ext or (best recom = PDO).
Malformatted:
<input
type="text" name="email"
id="email" class="form-control"
placeholder="Email Adress"
/>
<br />
<input
type="submit" name="register"
id="register" value="Register"
class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"
/>
Logic appears to work as you intended.
Related
The PHP script supposed to receive two variables : username and password but it doesn't do that and it always "echo" : "missing input".
I tried to echo the two variables but nothing was echoed, which i think means that they are not initialized.
This is the script:
require_once ('connect.php');
$username= $_POST['username'];
$password= $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!empty($username) && !empty($password)) {
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if(mysqli_query($con,$query)) {
echo "Welcome";
mysqli_close($con);
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
else {
echo "missing input";
}
I tried sending the post data using Postman and via HTML page but both returned the same thing: "missing input"
This is the HTML i used
<form action="mlog.php" method="post">
<input type="textbox" name="username" value="username" />
<input type="textbox" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
its <input type="text">
<form action="mlog.php" method="post">
<input type="text" name="username" value="username" />
<input type="text" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
Check if the login button was clicked, then check if the username and password are not empty then assign the vars to them if not.
<?php
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username= $_POST['username'];
$password= $_POST['password'];
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if($r) {
echo "Welcome";
//redirect
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
?>
I have this line of code and I am trying to send an error message if the username password combination don't match, the thing is the message displays when I access the page, even before i enter a username and password. how do I make the message appear ONLY after login failed?
Thanks!!
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
if(($user == "someusername") && ($pass == "somepassword"))
{
include("../securedfile.php");
}
else{
$message = "Invalid User/Password - Please Try Again";
echo "<script type='text/javascript'>alert('$message');</script>";
}
if(isset ($_POST))
{?>
<div class="secure">
<form method="POST" action="secure.php">
username:<input class="user" type="text" name="user"></input><br/><br/>
password:<input class="pass" type="password" name="pass"></input><br/><br/>
<button class="submit" type="submit" name="submit">SUBMIT</span></button>
</form>
</div>
<?}
}
?>
There is the parenthesis problem with the 'else', then the form is calling secure.php instead of calling itself, there's no isset...The rewritten code below would be a better way of doing it. And have checked it, it works. (The name of this whole file - new.php)
<div class="secure">
<form method="POST" action="new.php">
username:<input class="user" type="text" name="user"></input><br/><br/>
password:<input class="pass" type="password" name="pass"></input><br/><br/>
<button class="submit" type="submit" name="submit">SUBMIT</span></button>
</form>
</div>
<?php
// checking the user
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user == "someusername" && $pass == "somepassword")
{
include("../securedfile.php");
}
else
{
$message = "Invalid User/Password - Please Try Again";
echo "<script type='text/javascript'>alert('$message');</script>";
}
}
?>
I created a sign up page for my website in php . In my code I put if the username , password confirm password and/or email is empty it would give then an error , which it does , but it still says that the user was created . I don't want that to happen . If any of the user fields are empty I want them to go back to the sign up page and fill out the missing fields . All it does is give the echo statement and then it says user was created .
sign up.php:
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post" action="process2.php">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up.<br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
?>
Process2.php:
<?php
include("db.php");
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up. <br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
So basically what I tried is putting the if the fields are empty statements before the code that sends the information to the database it doesn't work . I tried putting it after the code that sends the information to database it didn't work . I also tried putting it on the sign up page but it didn't work either .
What I want to happen is if any of the fields are empty nothing will be sent to the database . Can someone help me ?
update :
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])) {
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
include("db.php");
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (($_POST['submit'])){
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
I would place some of the signup and process code in the same page like this in signup.php (notice I have also removed the "action" code from the form tag:
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])){
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (!empty($_POST['submit'])){
//place most of the code from your process.php code here
echo "processing";
}
firstly check your connection to the database also check your users table if the field is nullable if it so then you might wanna put some try-catch block on your code to see the errors.
You need to redirect to signup.php when validation fails..For this you can check the input and if either of it empty then you can redirect in process2.php as:
if(empty($username) || empty($pw) || empty($pw2) || empty($email))
{
header( "refresh:5;url=signup.php" );
} else {
//You can do your things here..
}
I developed a login page with video captcha.For now the login function work perfectly.
In this page user required to watch video,and then answer a question before they are allowed to login once the answer match with database.
The problem is how do I validate the input for answer with the answer in database. My database table for video consist of ID | Video | question | answer
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
if(isset($_SESSION['email'])){
header("location: members.php"); //isset check to see if a variables has been 'set'
}
if(isset($_POST['submit']))
{
//Variables from the table
$email = $_POST['email'];
$password = $_POST['password'];
//Prevent MySQL Injections
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysqli_real_escape_string($con, $email);
$password = mysqli_real_escape_string($con, $password);
//Check to see if the user left any space empty!
if($email == "" || $password == "")
{
echo "Please fill in all the information!";
}
//Check to see if the username AND password MATCHES the username AND password in the DB
else
{
$query = mysqli_query($con,"SELECT * FROM detail WHERE email = '$email' and password = '$password'") or die("Can not query DB.");
$count = mysqli_num_rows($query);
if($count == 1){
//YES WE FOUND A MATCH!
$_SESSION['email'] = $email; //Create a session for the user!
header ("location: members.php");
}
else{
echo "Username and Password DO NOT MATCH! TRY AGAIN!";
}
}
}
?>
</span>
<form action="login.php" method="post">
<label><b>Login</b>Not a member? Register now!</label><br /><br />
<label>Email :<span>*</span></label><br />
<input name="email" type="text" id="email" placeholder="username#domain" required>
<br />
<label>Password :<span>*</span></label><br />
<input name="password" type="password" id="password" placeholder="********"required>
<br />
</div>
<div style="float:right; width:50%; ">
<?php
mysql_connect("localhost","root","");
mysql_select_db("details");
$res=mysql_query("select * from video ORDER BY RAND() LIMIT 1");
while($row=mysql_fetch_array($res))
{
?>
<center><video width="360" height="270" controls><source src="**<?php echo $row["video"];?>**" type="video/mp4">
</video><center>**<?php echo $row['question']; ?>**</center> </center>
<input name="captcha" type="text" size"4" placeholder="" required><br>
</fieldset>
<br /><br />
<input type="reset" value="Reset" />
<input type="submit" name="submit" value="Login">
</form>
<?php
}
?>
I am working on this registration system where I have a captcha control at the end. I have error reporting included, no error appears. Output page says capcha successfull. While I can see in DB no data being inserted..
Form:
<h2>Registration Form</h2>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
PHP:
include 'db_connect.php';
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
if ($username=='')
{
echo 'Please choose an username for yourself.';
exit();
}
if ($password1=='')
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if ($password2=='')
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if ($name=='')
{
echo 'Please enter your first and the last name.';
exit();
}
if ($phone=='')
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if ($email=='')
{
echo 'Please enter your email address.';
exit();
}
//duplicate Entry Validation
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
//Data Insertion
$query = "insert into users (username,password,name,phone,email) value ('$username','$password1','$name','$phone','$email')";
if(mysql_query($query)) {
echo "Registration Successfull";
}
}
//Captcha Validation
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
?>
MySQL is deprecated already, you should use MySQLi instead. Try this:
PHP:
<?php
/* ESTABLISH CONNECTION */
session_start();
$con=mysqli_connect("YouHost","YouUsername","YourPassword","YourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
if (isset($_POST['register'])) { /* THIS SHOULD BE register, BECAUSE YOU NAMED YOUR SUBMIT BUTTON register, NOT submit */
$username = mysqli_real_escape_string($con,$_POST['username']);
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password2 = mysqli_real_escape_string($con,$_POST['password2']);
$name = mysqli_real_escape_string($con,$_POST['name']);
$phone = mysqli_real_escape_string($con,$_POST['phone']);
$email = mysqli_real_escape_string($con,$_POST['email']);
/* YOU SHOULD PRACTICE USING ESCAPE_STRING TO PREVENT SOME OF SQL INJECTIONS */
if (empty($username))
{
echo 'Please choose a username for yourself.';
exit();
}
if (empty($password1))
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if (empty($password2))
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if (empty($name))
{
echo 'Please enter your first and the last name.';
exit();
}
if (empty($phone))
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if (empty($email))
{
echo 'Please enter your email address.';
exit();
}
/* duplicate Entry Validation */
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysqli_query($con,$check_email);
if(mysqli_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
/* Data Insertion. YOU SHOULD ALSO CONSIDER IF THE PASSWORD 1 AND 2 ARE THE SAME */
if($password1==$password2 && !empty($username) && !empty($name) && !empty($phone) && !empty($email)){ /* IF PASSWORD1 IS THE SAME WITH PASSWORD2 */
/* INSERT QUERY */
$query = mysqli_query($con,"INSERT INTO users (username,password,name,phone,email) VALUES ('$username','$password1','$name','$phone','$email')");
echo "Registration Successfull";
} /* END OF IF PASSWORD1 IS EQUALS TO PASSWORD2 */
else {
echo "Alert('Password is not the same.')";
exit();
}
/* Captcha Validation */
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
} /* END OF ISSET SUBMIT */
?>
Your HTML file:
<html>
<body>
<h2>Registration Form</h2>
<form action='YourPHPFile' method='POST'>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
</form>
</body>
</html>