issue with HTML and PHP language - php

I have issue with my login page, when I add my code don't display any action.
please see the below
Index.html
<form >
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>
</form>
log_exe.php
<?php
session_start();
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASSWORD = '';
$DB_DATABASE = 'la';
$con=mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD);
if(!$con)
{
die('Failed to connect to server: '.mysql_error());
}
$db=mysql_select_db($DB_DATABASE);
if(!$db)
{
die("Unable to select database");
}
$email =$_POST['email1'];
$pass =$_POST['pass1'];
$qry="SELECT Email FROM user WHERE Email='".$email."' AND Password='".$pass."';";
$qry2="SELECT email FROM Admin WHERE email='".$email."' AND password='".$pass."';";
$result=mysql_query($qry);
$result2=mysql_query($qry2);
if(mysql_num_rows($result) == 1)
{
$admin = mysql_fetch_assoc($result);
$_SESSION['Email'] = $admin['Email'];
header("location: schedule.php?Email=".$admin['Email']);
exit();
}
if(mysql_num_rows($result2) == 1)
{
$admin = mysql_fetch_assoc($result2);
$_SESSION['Email'] = $admin['Email'];
header("location: controlpanel.php?Email=".$admin['Email']);
exit();
}
else
{
die ("<script> window.confirm(\"Sorry !! Wrong username or password !!\");</script> <a href='index.html#!/page_Schedule'>Click here</a> to return to login page");
}
?>
My problem is my website don't gave me response , when I enter email and pass the page is refresh to other page and the link became like this
http://localhost/myfolder/index.html?email1=user%40hotmail.com&pass1=123&login=Log+in#.php
Thank you for your response


remove these <form > </form> tag and you can see your action. your code will be like below
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>


Remove the unwanted form from your index.html. ie modify the code like the following:
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>

Related

Submission not confirmed html php

I have an form with submit button as follows in html :-
<div style="display: flex;">
<form name="myform"method="post" action="usdbtc.php" style="float:left;">
<div id="log_err"> <strong><?php if(isset($logerror)) { echo $logerror; } else { $dn = 'dn'; } ?></strong> </div>
<p><label style="float: left;">Price:</label><input class="input101" style="float: left;" type="text" name="username" id="box1" oninput="calculate()"><label style="float: right;">: BTC</label><input class="input101" style="float: right;" type="text" name="username" id="box2" oninput="calculate()">
<br><input class="input101" style="float: right;" type="text" name="username" id="result"><br><label style="padding: 10px;">Total BTC:</label>
<td rowspan="2">
<input type="hidden" id="myform" value="1"/>
<br><span class="orderbutton" type="submit" id="ordersell" onclick="myform.submit()">SELL</span></p>
</td>
</form>
<form name="yourform"method="post" action="usdbtc.php" style="float:right;">
<p><label style="float: left;">Price:</label><input class="input101" style="float: left;" type="text" name="username" id="box3" oninput="calculate()"><label style="float: right;">: BTC</label><input class="input101" style="float: right;" type="text" name="username" id="box4" oninput="calculate()">
<br><input class="input101" style="float: right;" type="text" name="username" id="resul"><br><label style="padding: 10px;">Total BTC:</label>
<td rowspan="2">
<input type="hidden" id="yourform" value="1"/>
<br>
<span class="orderbutton" type="submit" id="orderbuy" onclick="yourform.submit()">BUY</span></p>
</td>
</form>
</div>
And to check whether user clicked 'SELL' button i do in php :-
if($_POST['myform']){
echo 'yes';
}
else {
echo 'no';
}
I am always getting no after clicking button, is there anything wrong that I haved coded in the html or php part? Help is appreciated.. I just want to get the part for php
if($_POST['?']) {...
Remember there are two forms in the page with each having name and hidden input id.

<input type="hidden" id="myform" value="1"/>
Change id attribute to name
<input type="hidden" name="myform" value="1">
And there's a missing space in form tag

My cookies are not working

I have tried creating a cookie but my value is not being saved. Here is my code. I have tried checking my connection details but it looks alright. Please help since i cannot find a solution to this problem.
<form method="POST">
<hr>
<div class="accounttype">
<input type="radio" value="Teacher" id="radioOne" name="account" checked/>
<label for="radioOne" class="radio" chec><span style="font-size: 23px;">Teacher</span></label>
<input type="radio" value="Student" id="radioTwo" name="account" />
<label for="radioTwo" class="radio"><span style="font-size: 23px;">Student</span></label>
</div>
<hr>
<label id="icon" for="name"><i class="icon-envelope "></i></label>
<input type="text" name="logid" id="logid" placeholder="Email" required/>
<label id="icon" for="name"><i class="icon-user"></i></label>
<input type="text" name="logName" id="logName" placeholder="Name" required/>
<label id="icon" for="name"><i class="icon-shield"></i></label>
<input type="password" name="logPassword" id="logPassword" placeholder="Password" required/>
<center><table>
<tr>
<td><center>
<input type="submit" name="Login" id="Login" value="Login" style="background-color: #3a57af; color: #ffffff; width: 105px; height: 40px;-webkit-border-radius: 20px;-moz-border-radius: 20px;border-radius: 20px;border: 0px;">
</center>
</td>
<?php
$userId = $_POST['logid'];
//$userName = $_POST['logName'];
$password = $_POST['logPassword'];
$account = $_POST['account'];
$teacher = "Teacher";
$student = "Student";
if ($account == $teacher) {
# code...
$sql = "SELECT * FROM teacherRecord WHERE email = '$userId' AND password='$password'";
$result = mysqli_query($con,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
setcookie("email", $userId, time() + (86400 * 30), "/");
echo $_COOKIE['email'];
//echo "<script>window.location='profile.php'</script>";
}
}
?>

Comment the same again and again

I am trying to make a comments section, where people can comment stuff on my webpage.
All the comments get to a database. Alle that works fine.
The only problem I have is, when i have commented some stuff and reload the webpage it comment the same thing again.
Is there a if statement or something to prevent this?
while ($info = mysql_fetch_array($result)){
echo '<div style="border-style: solid; border-color: #808080; border-width: thin">
<div style="width: 1%"><p style="font-size: 10px; margin: 0px">'.$info['Navn'].'</p></div>
<p>'.$info['Besked'].'</p>
</div>';
}
if (isset($_POST['navn']) && isset($_POST['besked']) && isset($_POST['submit'])) {
$navn2 = $_POST['navn'];
$besked2 = $_POST['besked'];
$data = "INSERT INTO `tester`.`davs` (`Navn`, `Besked`) VALUES ('$navn2', '$besked2');";
$resultalt = mysql_query($data);
if ($resultalt) {
echo "$resultat";
}else{
echo "$resultat";
}
mysql_close();
}
?>
<form action="database.php" method="post" id="commentform">
<label for="comment_author" class="required">Your name</label>
<input type="text" name="navn" id="comment_author" value="" tabindex="1" required="required">
<label for="comment" class="required">Your message</label>
<textarea name="besked" id="comment" rows="10" tabindex="4" required="required"></textarea>
<input type="hidden" name="comment_post_ID" value="1" id="comment_post_ID" />
<input name="submit" type="submit" value="Submit comment" />
</form>
my php code:
http://pastebin.com/bQ7c1MPD
my inputs:
http://pastebin.com/P9uc6Hhz

Use tokens in your HTML form:
<input type="hidden" name="token" value="<?=$_SESSION['token'] = uniqid(); ?>" />
This require this at the top of the PHP script (before any output):
session_start();
For validation:
if(isset($_POST['submit']) && $_POST['token'] == $_SESSION['token']))
Full code: PHP | Form

PHP $_POST returns null values

This is my html code:
<form style="width: 20%; margin: auto;" action="subscribe.php" method="post" id="subscribeToNews">
<fieldset>
<legend>Subscribe:</legend>
<label for="subName">First Name:</label><br /><input type="text" id="subName" name="subName" /><br />
<label for="subEmail">Email:</label><br /><input type="text" id="subEmail" name="subEmail" /><br />
<input style="width: inherit;" type="submit" value="Subscribe" />
</fieldset>
</form>
This is the subscribe.php file:
<?php
$con = mysqli_connect('95.76.197.98','root','','accounts');
print_r($_POST);
if (isset($_POST["subName"]) && isset($_POST["subEmail"])){
$subUser = $_POST["subName"];
$subEmail = $_POST["subEmail"];
echo "$subUser"."<br />"."$subEmail";
}
?>
I have really tried a lot of things out there on the Internet and nothing seems to work for me. Any ideas?
Also looks like the get method works for this...

Could by related to your nginx configuration.
Try:
$post = file_get_contents("php://input");

This should work:
<form style="width: 20%; margin: auto;" action="subscribe.php" method="post" id="subscribeToNews">
<fieldset>
<legend>Subscribe:</legend>
<label for="subName">First Name:</label><br /><input type="text" id="subName" name="subName" /><br />
<label for="subEmail">Email:</label><br /><input type="text" id="subEmail" name="subEmail" /><br />
<input style="width: inherit;" type="submit" value="Subscribe" />
</fieldset>
</form>
<?php
$con = mysqli_connect('95.76.197.98','root','','accounts');
if($_POST) {
$subName = mysqli_real_escape_string($con, strip_tags($_POST['subName']));
$subEmail = mysqli_real_escape_string($con, strip_tags($_POST['subEmail']));
if(isset($subName) && !empty($subName) && isset($subEmail) && !empty($subMail)) {
echo 'Name: '.$subName.'<br> Email: '.$subEmail;
}
}
?>

All is working except if($_POST['submit']=='Update')

I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->

Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!

Categories