PHP Session - Form Submit Logs Out User - php

I have a member form that requires a password to gain access to it.
Once the user has entered the password they may then enter in their details in the form.
However the problem is that when the user submits the form they are getting logged out of the session.
I would like the user to remain logged in when they hit submit and then be directed to a second member form further down the same page.
Here is the code I am using for the password login:
`
<?php
//encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';
session_start();
session_unset();
session_destroy();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password'])) {
if (sha1($_POST['password']) == $password) {
$_SESSION['loggedIn'] = true;
} else {
header ("Location: error.php");
exit();
}
}
if (!$_SESSION['loggedIn']): ?>
<html>
<head><title>Login Page</title></head>
<body>
<form method="post" action="registration/signup.php">
Password: <input type="password" name="password"> <br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
`
Here is the code I am using at the top of the password protected page (Member Form Page):
<?php
require('../access.php');
?>
And this is the form on the password protected page (Member Form Page):
<form action="#sky-form2" method="post" enctype="multipart/form-data" id="sky-form" class="sky-form">
<fieldset>
<div class="row">
<div class="col-md-4" align="left">
<label class="input">
<input type="text" name="name" placeholder="Name">
<b class="tooltip tooltip-bottom-left">Enter you full name</b>
</label>
</div>
<div class="col-md-4" align="left">
<label class="input">
<input type="email" name="email" placeholder="E-mail">
<b class="tooltip tooltip-bottom-left">Enter a valid email address</b>
</label>
</div>
</div>
</fieldset>
<div class="row">
<div class="col-md-4" align="left">
<button type="submit" button class="border-button">NEXT</button>
</div>
</div>
</form>
I know that the password method above is not the most secure, however I really dont require it to be. I just want the member form to be available to everyone who has been given a password for it.
Huge thank you to anyone who can help me out with this.

Related

Hide Form Div Using PHP if Statment

Trying to make a login form become hidden once a successful login has happened within the form, so that the form cannot be seen by the user once they are logged in, but I still need a success message to be displayed when a successful login has happened.
I have the form and the login sorted and it displayed a success message when a successful login has been made but I cant hide the form upon successful login.
i have an if statement set up using isset but that's as far as I got I don't know what needs to go inside the if statement for me to hide the form.
This is the PHP code for my login page -
<?php
require('includes/application_top.php');
$page_title='Login!';
if (isset($_POST['action'])) {
$username_input = $_POST['username'];
$password_input = $_POST['password'];
$login_ok = login($username_input, $password_input);
}
require('includes/site_header.php');
?>
<style>
<?php
require('css/login.css');
?>
</style>
<br>
<br>
<br>
<?php
if (isset($login_ok)) {
?>
<div class="row">
<div class="col-sm-12">
<?php
if ( ! $login_ok) {
?>
<div class="alert alert-danger">
<p>Your credentials were invalid</p>
</div>
<?php
} else {
?>
<div class="alert alert-success">
<p>Login successful</p>
</div>
<?php
}
?>
</div>
</div>
<?php
}
?>
<!-- This is the if statement I mention -->
<?php
if !isset($login_okay){
?>
<div class="wrapper dafswInDown" hidden>
}
?>
<div class="wrapper fadeInDown">
<div id="formContent">
<!-- Icon -->
<div class="fadeIn first">
<br>
<img src="images/Head1.jpg" style="height: 40%; width: 60%;" id="icon" alt="User Icon" />
<br>
<h3> Login! </h3>
</div>
<br>
<!-- Login Form -->
<form id="login_form" action="login_page.php" method="post">
<input type="text" class="fadeIn second" id="username" name="username" placeholder="Username" value="<?= isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '' ?>" maxlength="100" />
<input type="password" class="form-control" id="password" name="password" placeholder="Password" value="" />
<input type="submit" class="fadeIn fourth" name="action" value="Login"/>
</form>
<!-- Remind Passowrd -->
<div id="formFooter">
<a class="underlineHover" href="#">Forgot Password?</a>
</div>
</div>
</div>
<?php
require('includes/application_bottom.php');
require('includes/site_footer.php');
?>

There are a number of different ways you can approach this problem, but i think the best way to do this is with a session variable. Make your login function create a session variable that will follow the logged in user around throughout the website, then its just a matter of checking for the value and either displaying or hiding the form based on that. Here is a simplified example:
<?php function login($username_input=false, $password_input=false){
// Do all your verification here
// If logged in then:
session_start();
$_SESSION["user"] = true;
}
// Then on the form side just do this:
if(!$_SESSION["user"]){ ?>
FORM HERE
<?php } ?>

If password in textbox doesn't match databases', stop FORM from submitting

In the update password form, if the current password is not same as what is there in the database how should I stop the form from submitting?
Presently, I have a form wherein using AJAX I am checking if the password in the textbox is same as that in the database and if not, it displays a message that password is incorrect but when I submit the form with a new password, the password gets updated.
I want that if password in textbox is not the same as is present in the database, execution should stop until correct password is not entered.
FORM
<h5>Update Password</h5>
</div>
<div class="widget-content nopadding">
<form class="form-horizontal" method="post" action="#" name="password_validate" id="password_validate" novalidate="novalidate">
<div class="control-group">
<label class="control-label">Current Password</label>
<div class="controls">
<input type="password" name="current_pwd" id="current_pwd" />
<span id="chk_pwd"></span>
</div>
</div>
<div class="control-group">
<label class="control-label">New Password</label>
<div class="controls">
<input type="password" name="new_pwd" id="new_pwd" />
</div>
</div>
<div class="control-group">
<label class="control-label">Confirm Password</label>
<div class="controls">
<input type="password" name="confirm_pwd" id="confirm_pwd" />
<span id="chk_confirm_pwd"></span>
</div>
</div>
<div class="form-actions">
<input type="submit" name="submit" value="Validate" class="btn btn-success">
</div>
</form>
JQUERY
$(document).ready(function(){
$('#new_pwd').click(function(){
var current_pwd=$('#current_pwd').val();
$.ajax({
type:'get',
url:'admin_profile_settings_back.php',
data:{current_pwd:current_pwd},
//dataType:"html",
success:function(resp){
$("#chk_pwd").html(resp).show().fadeOut(3000);
}
})
})
})
PHP Backend for AJAX
<?php
session_start();
include "../includes/config.php";
$current_pwd=$_GET['current_pwd'];
$aid=$_SESSION['aid'];
$r=$mysqli->query("SELECT * FROM admin WHERE aid='$aid' ");
$row=$r->fetch_assoc();
if($current_pwd==$row['password'])
{
echo "Password Is Correct";
}
else
{
echo "Password Is Incorrect";
}

You should include a where clause to check for the current password.
You should hash + salt your password
This example does not have any input checks, you should always verify user input, ALWAYS.
You should use the PDO library and perform prepare statements, is more secure than mysqli, also you can mysqli_real_escape_string() at minimum
<?php
session_start();
include "../includes/config.php";
$current_pwd=$_GET['current_pwd'];
$aid=$_SESSION['aid'];
$current_pwd = $mysqli->real_escape_string($current_pwd);
$r=$mysqli->query("SELECT * FROM admin WHERE aid='$aid' and password='$current_pwd' ");
$row=$r->fetch_assoc();
if($current_pwd==$row['password'])
{
echo "Password Is Correct";
}
else
{
echo "Password Is Incorrect";
}

Login Page redirecting to admin.php but not connecting to adminpanel.php

Here is how my admin login page should work:
1.For a valid login:
login.php>admin.php>adminpanel.php
2. For non valid login:
login.php>admin.php>login.php
Facts:
1. db is connected
2. db fields are "userid" "username" " password"
3. password is encrypted
Problem is :
Login page redirecting me to admin.php page and no error is showing .
//login.php
<form action = "admin.php" role="form" method="post">
<div class="form-group input-group">
<span class="input-group-addon">Name</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Name">
</div>
<div class="form-group input-group">
<span class="input-group-addon">Password</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Password">
</div>
<?php
if (isset($_GET['error'])){
echo "Hay Dude!!! Are You Lost? call 911!!";
}?>
<button type="submit" class="btn btn-lg btn-primary">login</button>
</form>
//admin.php
<?php
include ("dbconnect.php");
session_start();
if (isset($_POST['logout'])){
unset($_session['admin']);
}
if (isset($_POST['login'])){
$login_sqli= "SELECT * FROM user WHERE Name ='".$_POST['username']."'AND Password='".sha1($_POST['password'])."'";
$login_query = mysqli_query($dbconnect,$login_sqli);
if (mysqli_num_rows($login_query)>0){
$login_rs= mysqli_fetch_assoc($login_query);
$_session['admin']=$login_rs['username'];
}else
header ("location:admin.php?error=login");
}
<body>
<div class="col-lg-12 text-center">
<div class="jumbotron">
<h1>Hay Dude! You Lost?? Try Again or Call 911!!</h1>
<?php
if (!isset($_session['admin'])){
include ("login.php");
}else{
include ("adminpanel.php");
}
?>
</div>
</div>
</body>

php login script not redirecting to next page

My login.php is as given below, It is not able to take me to welcome.php. Neither it is giving login error. It simply give 500 error page.
<?php
include("db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysqli_real_escape_string($db,$_POST['username']);
$password=mysqli_real_escape_string($db,$_POST['password']);
$password=md5($password); // Encrypted Password
$sql="SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result=mysqli_query($db,$sql);
$count=mysqli_num_rows($db,$result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: welcome.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>
<div class="wrapper">
<form class="form-signin" action="login.php" method="post">
<h2 class="form-signin-heading">Please login</h2>
<input type="text" class="form-control" name="username" placeholder="User Name" required="" autofocus="" />
</br>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/>
<label class="checkbox">
<input type="checkbox" value="remember-me" id="rememberMe" name="rememberMe"> Remember me
</label>
<button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
</form>
</div>
It gives 500 error after I submit usename and password and not able to take me to welcome.php.

If you are using header(Location: something.php), you should load it as first output in php. Or else it will not work.
session_start() will change the HTTP Header.
Instead try below one,
echo "<script>window.location.href='welcome.php';</script>";

override include php if logged in

I'm working on a login system. I want when I login at index.php, the include from that page change to another. So in my case the fully header change and the login button disappear.
So I want to change <?php include('header.php'); ?>
to
<?php include('header2.php'); ?>
if logged in
The login:
<div id="loginContainer">
<span>Login</span><em></em>
<div style="clear:both"></div>
<div id="loginBox">
<form id="loginForm" action="login.php" autocomplete="on" method="post">
<fieldset id="body">
<fieldset>
<label for="email">Email Address</label>
<input id="username" name="username" required="required" type="text" placeholder="myusername"/>
</fieldset>
<fieldset>
<label for="password">Password</label>
<input id="password" name="password" required="required" type="password" placeholder="eg. X8df!90EO" />
</fieldset>
<input type="submit" name="login" value="Login" />
<label for="checkbox"><input type="checkbox" id="checkbox" />Remember me</label>
</fieldset>
<span>Forgot your password?</span>
</form>
</div>
</div></
Part of login.php
if($res = $mysqli->query($q))
{
if($res->num_rows > 0)
{
$_SESSION['userName'] = $userName;
//header("Location:welcome.php");
include('header4.php');
exit;
}
else
{
echo'<script>alert("INVALID USERNAME OR PASSWORD");</script>';
header("Location:index.php");
exit;
}
}

Simply check if a session is set, and then include the right file. Something like this.
if (isset($_SESSION['userName']) && !empty($_SESSION['userName'])) {
// If the user is logged in, include this file
include "header2.php";
} else {
// Else, we're not logged in, include this file
include "header.php";
}

Categories