I'm currently using jQuery Mobile for my project. In my login page, I need to get the username and the password that the user input but every time i'm going to click the login button, it will display nothing. But when i tried to remove the cdn from jQuery mobile it works well, but the design is different.
Here's my code for my login page:
<!DOCTYPE html>
<?php
session_start();
?>
<html>
<head>
<!--CDN FROM JQUERY MOBILE-->
<meta name="viewport" content="width=device-width, initial-scale=1" charset="UTF-8">
<link rel="stylesheet" href="jquery.mobile-1.4.5.css">
<script src="jquery-1.11.2.js"></script>
<script src="jquery.mobile-1.4.5.js"></script>
<!--END-->
<title>Inhand Pinagkaisahan</title>
</head>
<body>
<div data-role="page">
<div data-role="header">
<h1>Inhand Pinagkaisahan</h1>
</div>
<div data-role="main" class="ui-content">
<form method="post" action="get.php">
<input type="text" name="uname" placeholder="Username" />
<input type="password" name="pword" placeholder="Password" />
<center><input type="submit">Login</center>
<center>Forgot Password</center>
<center><p>No account? Sign up or Learn more.</p></center>
</form>
</div>
<div data-role="footer">
<h1></h1>
</div>
</div>
</div>
</body>
</html>
I'm receiving this error:
Notice: Undefined index: uname in C:\xampp\htdocs\InhandPinagkaisahan\get.php on line 6
Notice: Undefined index: pword in C:\xampp\htdocs\InhandPinagkaisahan\get.php on line 7
And here is my php:
<?php
$con=mysql_connect('localhost','root','ADMIN') or die(mysql_error());
mysql_select_db('inhand') or die("cannot select DB");
<!--This is the part not is not working when ever i'm going to use the cdn, but when i comment out the cdn, it works properly.-->
$uname=$_POST['uname'];
$pword=$_POST['pword'];
<!--END-->
$query=mysql_query("SELECT * FROM user WHERE uname='$uname' AND pword='$pword'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['uname'];
$dbpassword=$row['pword'];
}
if($uname == $dbusername && $pword == $dbpassword)
{
session_start();
$_SESSION['sess_user']=$uname;
/* Redirect browser */
header("Location: newsfeed.php");
} else {
echo "Invalid username or password!";
}
}
?>
Related
I ran into another problem with my website that I can't get around.
I'm trying to make it so when the admin logs in he will be taken to the admin page but for some reason when I enter the correct details into the log in and press the submit button it just brings me back to the admin log in page again.
Here is a Gyazo of my problem
https://gyazo.com/34f133fea4b20ec285ee7ff491053145
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="UTF-8">
<title>Login</title>
<script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js" type="text/javascript"></script>
<link href='https://fonts.googleapis.com/css?family=Ubuntu:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://s3-us-west-2.amazonaws.com/s.cdpn.io/148866/reset.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<body>
<main id="cd-main-content">
<section id="cd-intro">
<h1>Admin Log In</h1>
<header class="cd-header">
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
// removes backslashes
$adminusername = stripslashes($_REQUEST['adminusername']);
//escapes special characters in a string
$adminusername = mysqli_real_escape_string($con,$adminusername);
$adminpassword = stripslashes($_REQUEST['adminpassword']);
$adminpassword = mysqli_real_escape_string($con,$adminpassword);
//Checking is user existing in the database or not
$query = "SELECT * FROM `admin` WHERE username='$adminusername'
and password='".md5($adminpassword)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['username'] = $adminusername;
// Redirect user to admin page /////////////////////////////////////////////////////////////////////
header("Location: adminpage.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect.</h3>
<br/>Click here to <a href='admin.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<form action="" method="post" name="login">
<input type="text" name="adminusername" placeholder="Username" required />
<input type="password" name="adminpassword" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
</div>
<?php } ?>
<a class="cd-menu-trigger" href="#main-nav">Menu<span></span></a>
</header>
<div class="cd-blurred-bg"></div>
</section> <!-- cd-intro -->
</main>
<div class="cd-shadow-layer"></div>
<nav id="main-nav">
<ul>
<li><span>Login</span></li>
<li><span>What's On</span></li>
<li><span>Favourites</span></li>
<li><span>About</span></li>
<li><span>Admin</span></li>
</ul>
Close<span></span>
</nav>
</body>
<script src='js/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
You are doing:
if (isset($_POST['username'])) {
//...
}
Try this
if (isset($_POST['adminusername'])) {
//...
}
As a note, I suggest you to try use a framework, like laravel.
first I would debug by var_dump($_POST) and see what you get. I would bet that since you dont have an ID set for the input value name it is not working. If anything checking for ISSET($_POST['username']) would never work because you do not have a vairable set for that name.
var_dump($_POST) and see what you get. If not add an ID='username' to the input
try this :-
if (isset($_POST['submit'])){
// rest of code...
}
index.php
<?php session_start(); ?>
<?php include('dbcon.php'); ?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="form-wrapper">
<form action="#" method="post">
<h3>Login here</h3>
<div class="form-item">
<input type="text" name="user" required="required" placeholder="Username" autofocus required></input>
</div>
<div class="form-item">
<input type="password" name="pass" required="required" placeholder="Password" required></input>
</div>
<div class="button-panel">
<input type="submit" class="button" title="Log In" name="login" value="Login"></input>
</div>
</form>
<?php
if (isset($_POST['login']))
{
$username = mysqli_real_escape_string($con, $_POST['user']);
$password = mysqli_real_escape_string($con, $_POST['pass']);
$query = mysqli_query($con, "SELECT * FROM users WHERE password='$password' and username='$username'");
$row = mysqli_fetch_array($query);
$num_row = mysqli_num_rows($query);
if ($num_row > 0)
{
$_SESSION['user_id']=$row['user_id'];
header('location:home.php');
}
else
{
echo 'Invalid Username and Password Combination';
}
}
?>
</div>
</body>
</html>
Here is my page for login the system. When the username and password is then it will go to home pages. It work properly. but if I write in browser after log out.
localhost/logg/home.php it is automatically go to that pages it not asking for login. So How to make proper login page where it asking log or automatically it will go login panned for all the pages is that is connected with home page.
home.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Management System</title>
<link rel="stylesheet" type="text/css" href="css/style_entry.css" />
<link rel="stylesheet" type="text/css" href="css/home_menu.css" />
<link rel="stylesheet" type="text/css" href="css/container.css" />
</head>
<body style="background-color:gray"/>
<div class="container">
<div class="dropdown">
<button class="dropbtn">Entry</button>
<div class="dropdown-content">
Market Information
bank Information
Client Information
</div>
</div>
Edit
Bill Process
Bill Print
Bill Posting
Report
Admin
Help
Help
<li style="float:right"><a class="active" href="logout.php">Logout</a></li>
</body>
logout.php
<?php
session_start();
session_destroy();
header('location:index.php');
?>
How can I secure it ?? how can I set if I write the url in browser then it will automatically go to the login page.
1st : On top of every page you need to check session is exists or not . if session exists allow user to see the page otherwise redirect the page to login page .
if(!isset($_SESSION['user_id'])){
header('Location:login.php');
exit();
}
Note : Session is globally accessible variable . Based on that you need to make logic .
make a file 'login_check.php'
<?php
if(isset($_SESSION['user_id'])){
}else{
header("location:login.php");
}
?>
include this file in those pages which should only be accessible to logged in user.
I am working on an app. but Have a problem with the login system. I want to redirect users into (http://localhost/Media/Index.php#Home) if they logged in correctly. But it does not seem to work as of now. When I type the login info it just reload and nothing happens. Please help!
<?php include ("inc/scripts/mysql_connect.inc.php"); ?>
<?php
session_start(); //Start session
//Check if user is logged in or not
if (isset($_SESSION['user_login'])) {
$user = $_SESSION["user_login"];
}
else {
$user = ""; //Do nothing
//echo"Sorry but your are not logged in!!!!!!!!!!!!!!";
}
?>
<?php
//Login Script
//user Login code
//Check user info when user inputs login information
if (isset($_POST['user_login']) && isset($_POST['password_login']) )
{
//filters input info
$user_login = preg_replace('#[^A-Za-z0-9)]#i','', $_POST['user_login']);//filters everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9)]#i','', $_POST['password_login']);//filters everything but numbers and letters
$password_login_md5 = md5($password_login); // encrypt password input because password in database is already encrypted in md5
//use Binary for case sensitive option
$sql = mysqli_query($con, "SELECT * FROM users WHERE BINARY username= BINARY'$user_login' AND password='$password_login_md5' AND closed='no' LIMIT 1"); //query
//check for existence if user exists
$userCount = mysqli_num_rows($sql); //Count the number of rows returned
//if username exists start session
if($userCount==1)
{
while($row = mysqli_fetch_array($sql)) //fecthing the row to display information
{
$id = $row["id"]; // store user id into variable called $id
}
$_SESSION["id"] = $id;
$_SESSION['user_login'] = $user_login;
$_SESSION["password_login"] = $password_login;
header("Location: Index.php#Home");//WE WANT USER TO ACCESS THE #HOME PAGE IF THEY ONLY LOGGED IN SUCCESSFULLY
//exit("<meta http-equiv=\"refresh\" content=\"0\">");
}
else{
//echo"That information is incorrect, Please try again!";
}
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>App</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="themes/myThemeEdited.min.css" />
<link rel="stylesheet" href="themes/jquery.mobile.icons.min.css" />
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile.structure-1.4.5.min.css" />
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
<script src="main.js"></script>
</head>
<body>
<!-- The welcome page where users must provide login info in order to be logged in -->
<div data-role="page" id="Welcome">
<div data-role="header" data-theme="c">
<h1>Welcome</h1>
</div>
<div role="main" class="ui-content">
<form action = "Index.php" method = "POST"><!--provide username and password then submit -->
<input name="user_login" size= "25" placeholder="Username" type="text"/><!-- Enter username / placeholder username-->
<input data-clear-btn="false" name="password_login" size= "25" placeholder="Password" autocomplete="off" type="password"/><!-- Enter password /password placeholder-->
<input name="login" value="Login" type="submit" data-theme="c"/><!-- submit button style it later -->
</form>
<div>
Sign Up<!--Redirect user to sign up page if user not member yet-->
</div>
</div>
<div data-role="footer" data-position="fixed" data-theme="c"><!-- Footer display/ displays once-->
<h4>(C) 2016</h4><!-- copyright symbols include later-->
</div>
</div><!-- End of the login page-->
<!-- HOME PAGE AND USER PROFILE PAGE where users can enter and submit texts-->
<div data-role="page" id="Home">
<div data-role="header" data-theme="c"><!-- Jquery settings ref included in the header file-->
<h1>Text</h1>
</div>
<div role="main" class="ui-content">
Enter your text<br>
<!-- Allow users to type and send texts-->
<input name="text-basic" id="text-basic" value="" type="text"/><!-- Enter and send text -->
Send<!-- submit button with onclcick function -->
</div>
</div><!-- End of the Home page-->
</body>
</html><!-- End code-->
As mentioned in my comment above, I don't think you can use a redirect here, since the redirect is executed before the HTML on the page is loaded, thus the id doesn't exist when you're trying to redirect to it. You CAN, however, use javascript and .scrollTop to do this.
Put this code at the bottom of your page:
<?php
if (isset($_SESSION['user_login']))
{
echo '<script>
var x = document.getElementById('Home').scrollTop;
document.body.scrollTop = x;
</script>';
}
?>
I am new to PHP and I am trying to develop a simple login system where it echoes a success message and redirects to a secure page and when details are wrong, it echoes an error message and reloads the login form.
I have been trying to for a while now and cannot figure it out, even though I have some functionality in terms of it directing to the correct page.
My database on PhpMyAdmin is correctly configured. Also, any help on sessions would be greatly appreciated.
PHP CODE:
<?php
$servername = "localhost";
$username = "root";
$password = "cornwall";
$con=mysqli_connect('localhost','root','cornwall','ibill');
// This code creates a connection to the MySQL database in PHPMyAdmin named 'ibill':
$username = $_POST['username'];
$password = $_POST['password'];
//These are the different PHP variables that store my posted data.
$login="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($con, $login);
$count=mysqli_num_rows($result);
//This is the query that will be sent to the MySQL server.
if($count==1)
{
header('Location: http://localhost/projects/ibill_v3/html/main.html#home');
exit();
}
//This checks the 'user_details' database for correct user registration details and if successful, directs to home page.
else {
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
echo "Wrong details";
exit();
}
//If login details are incorrect
/** Error reporting */
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
?>
HMTL CODE
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1; minimum-scale=1;">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css">
<link href="/projects/ibill_v3/css/mainstyles.css" rel="StyleSheet"/>
<link href="/projects/ibill_v3/css/loginform.css" rel="StyleSheet"/>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
<script src="script.js"></script>
<script type='text/javascript' src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js"></script>
<script type='text/javascript'>
$(document).on('pageinit', function(){
$('.loginform').validate({ // initialize the plugin
// rules & options
});
});
</script>
</head>
<body>
<!--********************************LOGIN FORM PAGE**********************************************-->
<!--****************************************************************************************-->
<!--********************************HEADER**********************************************-->
<div data-role="page" id="loginform">
<div data-role="header" data-id="foo1" data-position="fixed">
<h1>Register</h1>
</div>
<!--********************************HEADER**********************************************-->
<!--********************************MAIN**********************************************-->
<div data-role="main" class="ui-content">
<img class="mainlogo" src="/projects/ibill_v3/img/ibill logo.png" alt="iBill Logo" width="250" height="190">
<h2>Sign in</h2>
<section class="loginform">
<form data-ajax="false" method="POST" action="loginform.php" >
<ul>
<li>
<label for="username">Username</label>
<input type="text" name="username" id="username" class="required" minlength="5" placeholder="enter username (min-5 characters)">
</li>
<li>
<label for="password">Password</label>
<input type="password" name="password" placeholder="enter password" minlength="6">
</li>
<div id="loginformbutton">
<button class='active' type='submit' value='submit'>Sign in</button>
</div>
<p>Don't have an account? Sign up!</p>
<div id="registerbutton">
Register
</div>
</ul>
</form>
</section>
</div>
<!--********************************MAIN**********************************************-->
<!--********************************FOOTER**********************************************-->
<div data-role="footer">
<footer class="footer">
<p>awilliams©</p>
</footer>
</div>
</div>
<!--********************************END OF LOGIN FORM PAGE**********************************************-->
<!--****************************************************************************************-->
</body>
...
else
{
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
echo "Wrong details";
exit();
}
The above is going to redirect before your echo statement is reached, so nothing will be displayed.
Secondly, the following line:
<form data-ajax="false" method="POST" action="loginform.php" > will not send any data back to your file containing the form if you're using echo statements. It is going to redirect to the loginform.php and will stay there if you do not explicitly redirect back the page with your form.
Instead, use:
<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> as your form's action. And then include your loginform.php somewhere before the form in your HTML.
This is going to send data back to the form's file and replaces special characters to HTML entities (for security), it also allows you to use echo's or variables to return messages to the user.
loginform.php will need to check if specific inputs are posted:
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if($_POST['username'] && $_POST['password'])
{
//do work
}
}
Here is a basic php form tutorial to start you off: php tutorial
I think it's because your redirecting to the same page with no post. I didn't look through all the code, that is just my first stab at it
This will not appear on loginform.html:
echo "Wrong details";
Use something like:
$_SESSION['errorMessage'] = "Wrong details";
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
exit();
And then on loginform.html, add this code to display the error message:
if(isset( $_SESSION['errorMessage'])) echo $_SESSION['errorMessage'];
I have a page which loads completely when it is on a local server i uploaded the site on the server and some of my pages won't load here is the example of my pages
should i do something more when it is on server?what is the common problems in this situations?
<?php include("includes/manager_session.php");?>
<?php require_once("includes/connection.php");?>
<?php
$message="";
if(isset($_POST['submit'])){
$uname= mysqli_real_escape_string($cnn,$_POST['uname']);
$pass= mysqli_real_escape_string($cnn,$_POST['pass']);
$hashed_pass=sha1($pass);
function redirect_to($location){
header('Location:'.$location);}
//checking for available users
$query="select manager_id,uname,hashed_pass from manager where uname='{$uname}' and hashed_pass='{$hashed_pass}'";
$result=mysqli_query($cnn,$query);
//if query returns a thing
if($result){
$num_rows = mysqli_num_rows($result);
//agar user peida shod
if($num_rows == 1){
$found_user=mysqli_fetch_array($result);
$_SESSION['manager_id']=$found_user['manager_id'];
$_SESSION['manager_pass']=$found_user['hashed_pass'];
redirect_to("manager_profile.php");
}
//useri peida nashod
else{
echo "can not find user";
redirect_to("manager_login.php");
}
}else{echo mysqli_error($cnn);}
}
?>
<html lang='fa'>
<head>
<meta charset="utf-8">
<title>
کیمیافکر
</title>
<link rel="stylesheet" type="text/css" href="stylesheets/login-form.css" />
</head>
<body>
<div id="wrapper">
<form name="login-form" class="login-form" action="" method="post">
<input type="text" name="uname"/>
<input type="pass" name="pass"/>
</div>
</body>
</html>
<?php
mysqli_close($cnn);
?>
all pages that has the session part comes up with nothing in it (on of the sessions) when it is online so what is the problem her am i missing something ?