Alright so, I've been racking my brain, searching the web and I just can't find an answer.
I have my form, pretty easy etc.
<form id="loginForm" method="post" autocomplete="on" action="sign/in">
<fieldset id="body">
<fieldset>
<input name="email" type="text" placeholder="User Name / Email" id="email" autocomplete="email" required>
</fieldset>
<fieldset>
<input name="password" type="password" placeholder="Password" id="password" autocomplete="password" required>
</fieldset>
<input type="submit" id="login" data-url="sign/in" value="Log In">
</fieldset>
<span>Forgot your password?</span>
</form>
However, when it submits, the Variable $_POST["email"] doesn't get submitted (and $_POST["password"] too..) Anyone have any idea why this is?
It works fine when I send it via GET method.
But for obvious reasons i'm not doing that.
Any help would be appreciated!
==EDIT==
Here is the PHP Code. Keep in mind, its just temp code so its messy.
<?php
session_start();
include("config.php");
if(!isset($_POST['email']))
{
echo "File Not Found";
}
else
{
$u = mysql_real_escape_string($_POST["email"]);
$p = hash(whirlpool, mysql_real_escape_string($_POST['password']));
$q = mysql_query("SELECT uid FROM users WHERE email='$u' AND password='$p' LIMIT 1");
//if ($num_rows == 1)
if (mysql_fetch_array($q, MYSQL_ASSOC))
{
setcookie('email', $_POST['email'], time() + 2147483647, "/");
setcookie('password', hash(whirlpool, $_POST['password']), time() + 2147483647, "/");
$_SESSION['logged'] = 1;
$qSessions = mysql_query("SELECT * FROM users WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
$iSessions = mysql_fetch_row($qSessions);
$_SESSION['uid'] = $iSessions[0];
mysql_query("UPDATE users SET lastip='".$_SERVER['REMOTE_ADDR']."' WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
mysql_query("UPDATE users SET status=1 WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
setcookie('status', $_SESSION['status'], time() + 2147483647);
header("location:index.php");
}
else
{
echo "Sorry, there is no registered account with that email or the password is incorrect. Please login again.<br />";
echo "<a href='index.php'>Home</a>";
}
}
?>
Related
Here is the code of the username check I don't know how to make a code for the error message
<?php
if ($_POST['username']) {
include_once "connect_to_mysql.php";
$username = stripslashes($_POST['username']);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
$password = md5($password);
$sql = mysql_query("SELECT * FROM Users WHERE Us_Name='$username' AND Us_Password='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
$id = $row["Us_ID"];
$_SESSION['Us_ID'] = $id;
$username = $row["Us_Name"];
$_SESSION['Us_Name'] = $username;
header("location: Home2.php?id=$id");
}
} else {
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
exit();
}
}
?>
Add this is the code of the form.
I want the message to appear under the boxes of username and password
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
I want the message to look like something like this
errorMsg
Instead of:
print '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
Do:
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
And then in the HTML, do this:
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<?php echo $msg; ?> <!-- Here is where the message will appear -->
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
EDIT: Also, no need to exit();. Simply create the variable so you can echo it wherever you want it in your HTML by embedding your PHP in it.
Only printing will put it at the very top of the page, even before the <!DOCTYPE html>.
<!-- LOGIN -->
<div id="loginContainer">
<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='POST'>
<div id="emailPasswordContainer">
<input type="text" id="loginInputEmail" placeholder="Email" name="emailA" maxlength="35" required></input>
<input type="password" id="loginInputPassword" placeholder="Password" name="passwordA" maxlength="35" required></input>
</div>
<button type="submit" name="submitLogin" value="submit" id="buttonLogin">
<span id="loginText">
Login
</span>
</button>
</form>
<?php
$loginErrorMessage = "";
// start the session and register the session variables
session_start("ProtectVariables");
if(isset($_POST['submitLogin'])) {
$emailLogin = $_POST['emailA'];
$passwordLogin = md5($_POST['passwordA']);
$loginQuery = "SELECT email,password FROM account WHERE email='" . $emailLogin . "' AND password='" . $passwordLogin . "'";
$loginResult = mysql_query($loginQuery,$db);
if(mysql_num_rows($loginResult)==1){
if ($_POST['submitLogin']) {
header("Location: page2.php?page=1");
}
}
else {
$loginErrorMessage = "";
}
}
?>
</div>
This is the code I'm using to login to my website with! But when I get to page2.php?page=1, it won't let me call any of the variables such as $emailLogin or $passwordLogin. The reason I want to use the $emailLogin on page2.php is so I can have it the users first name. I'm not sure if it's a problem with this code or the way I'm calling it on the other page which is just this: echo $emailLogin;
Thank you for your help in advanced! :D
$loginQuery = "SELECT email,password FROM account WHERE email='" . $emailLogin . "' AND password='" . $passwordLogin . "'";
$loginResult = mysql_query($loginQuery);
$admin_row=mysql_fetch_array($loginResult );
if (mysql_num_rows($loginResult ) == 1)
{
session_start();
$getemail=$admin_row['email'];
//session_register("uname");
$_SESSION['logged_user']=$getemail;
header("Location: page2.php?page=1");
}
in page2.php you can print logged user email using below code
<?php
session_start();
echo $_SESSION['logged_user'];
?>
I've spent a lot of time looking for something that could help me doing this:
I have 3 pages, one called login.php, another called trataLogin.php and another called index.php.
The login and trataLogin page is working perfectly but when I try to call a variable into the index.php from login I can't do it.. I don't know what else to do it.
This is my login.php
<?php
require_once('connection/dbconnection.php');
session_start();
?>
...
<form name="form" action="trataLogin.php" method="post">
<input type="text" name="username" placeholder="username" /><br/>
<input type="password" name="password" placeholder="password" /><br/>
<br/>
<br/>
<input type="submit" value="login" />
</form>
trataLogin.php
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
$username = $_POST['username'];
$password = sha1($_POST['password']);
$query = "SELECT * FROM utilizadores WHERE username = '" . $username . "' AND password = '" . $password . "'";
$admin='';
$result = $conn->query($query);
if ($result->num_rows > 0) {
$_SESSION['verifica_login'];
$row = $result->fetch_assoc();
if ($row['admin'] == 1) {
$admin = true;
header('Location:admin.php');
} elseif($row['admin'] == 0){
$admin = false;
header('Location:index.php');
} else {
$_SESSION['verifica_login']="Username ou password incorretos";
}}
?>
and in index.php I have this
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
?>
and somewhere below in index.php I've something that it was suppose to print the username of the person who logged in
<?php echo $_SESSION['username']; ?>
You're overwriting your $_SESSION in index.php:
Remove that part
$_SESSION['dadoslogin']=$_POST;
And echo your variable like this:
echo $_SESSION['dadoslogin']['username'];
This error has started ever since I hired a new developer for my website.
It just echos WRONG! when it is obviously the right login details.
Can you help me?
<?php
include "global.php";
?>
<h2>Login</h2>
<?php
echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. ";
?>
<br>
<br>
<?php
if(isset($_POST["email"])){
$email = $_POST["email"];
$password = sha1($_POST["password"]);
$check = mysqli_num_rows($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
if($check == 1){
echo "Logged in!";
}
else {
echo "WRONG!";
}
}
?>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
Email <input name="email" placeholder="Email Address" required="" type="text"><br>
Password <input name="password" placeholder="Password" required="" type="password"><br>
<input type="reset" value="Start Over">
<input type="submit" value="Login">
</form>
You are not at all executing the query !
See here
$check = mysqli_num_rows($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
You need to execute your query with mysqli_query() which is missing on your code.
here is some code that I plan on using in a registration form for my site
<?php
session_start();
include ("includes/config.php");
if ($Authenticated == False) {
?>
<div id="register">
<form action="index.php?page=register" method="post">
<lable id="registerStuff"> Name: </>
<input id="registerIn" type='text' name='name' maxlength="20" />
<br/>
<lable id="registerStuff"> Surname: </>
<input id="registerIn" type='text' name='surname' maxlength="20" />
<br/>
<lable id="registerStuff"> Username: </>
<input id="registerIn" type='text' name='username' maxlength="20" />
<br/>
<lable id="registerStuff"> Password: </>
<input id="registerIn" type='password' name='password' maxlength="20" />
<br/>
<lable id="registerStuff"> Retype Password: </>
<input id="registerIn" type='password' name='passwordcheck' maxlength="20" />
<br/>
<input type='submit' value='Register'>
<br/>
</form>
</div>
<?php
$name = mysql_real_escape_string($_POST['name']);
$surname = mysql_real_escape_string($_POST['surname']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$passwordcheck = mysql_real_escape_string(md5($_POST['passwordcheck']));
if ($username OR $password OR $passwordcheck != null) {
if ($password == $passwordcheck) {
$query = "INSERT INTO users (name, surname, username, password) VALUES ('" . $name . "', '" . $surname . "', '" . $username . "', '" . $password . "')";
$result = mysql_query($query);
if (!$result) {
echo "Username wrong";
}
} else {
echo "passwords didnt match";
}
}
}
if ($Authenticated == True) {
header("Location: index.php");
}
?>
I cant seem to get proper error messages working, I need to check if the 2 passwords entered are identical, I also need to make sure that no blanks can be entered into the DB. If anyone could help me at all it would be much appreciated
You made quite a common mistake I guess. Most beginners seem to want to write as little code as possible. However, in this case that doesn't work. You will have to check each variable for emptiness.
Your code would be correct when you changed your if construct:
if ($username != "" AND $password != "" AND $passwordcheck != "") {
}
However, to make the code look a bit slighter, it's probably best to just use the function empty() that returns TRUE if the variable is empty:
if (!empty($username) AND !empty($password) AND !empty($passwordcheck)) {
}
Very interesting code you have there. I would suggest, before asking people here to write more than half of your script, to Google "PHP Login Script" - this is the number one result and the answer to your question.
$sql="SELECT * FROM $tbl_name
WHERE username='$myusername' AND password='$mypassword'";
$result=mysql_query($sql);
With that said, this is the incorrect way of doing it and you should look into prepared statements. Since you're starting off, you probably should start of with a security mindset.