I'm trying at the moment to create a login with PHP and MySQL but I'm stuck. The array that's supposed to give me Data from the database only returns "Null" I used var_dumb().
This is the index.php file :
<?php
include_once './Includes/functions.php';
?>
<!DOCTYPE html
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<div>
<form method="POST">
<label>User ID :</label>
<input id="login_username" name="login_username" type="login"><br>
<label>Password :</label>
<input id="login_password" name="login_password" type="password" ><br>
<input id="login_submit" name="login_submit" type="submit">
</form>
</div>
</body>
</html>
This is the function.php file :
<?php
require_once 'dbconnect.php';
function SignIn() {
$lUser = $_POST['login_username'];
$lPassword = md5($_POST['login_password']);
$querySQL = "SELECT * FROM tblUser WHERE dtUser='$lUser' AND dtPassword='$lPassword'";
$queryResult = mysqli_query($dbc, $querySQL);
while ($row = mysqli_fetch_assoc($queryResult)) {
$dataArrayLogin[] = $row;
}
if ($lUser == $dataArrayLogin['dtUser'] && $lPassword == $dataArrayLogin['dtPassword']) {
echo $dataArrayLogin;
$popup = "Login Succeed";
echo "<script type='text/javascript'>alert('$popup');</script>";
$_SESSION['user'] = $lUser;
header("Location: ./british.php");
} else {
echo $dataArrayLogin;
$popup = "Login Failed";
echo "<script type='text/javascript'>alert('$popup');</script>";
}
}
if (isset($_POST['login_submit'])) {
SignIn();
}
?>
Could you help me out ?
This could be, because you have no results?
Anyway, I've checked your code, and it's not good, because you are try to use this:
$dataArrayLogin['dtUser']
There is no 'dtUser' key in your $dataArrayLogin.
When you fetching the row, you are put it into a while cycle, and collect the data into an array:
while ($row = mysqli_fetch_assoc($queryResult)) {
$dataArrayLogin[] = $row;
}
Remove the while cycle. Simple use:
$dataArrayLogin = mysqli_fetch_assoc($queryResult);
And if you echo an array, the result will be Array. Use var_dump instead.
in your html form, you don't have <form method="POST" action="SignIn">. so when you submit the form, its not going somewhere.
You need to start debugging your script. Below are the steps I would take:
Do a var_dump() on the $_POST to see if it contains all values you want
echo the $querySQL to see if all values are put in correctly
Check your database if it actually contains the record with which you are trying to login
Fetch mysql errors using mysqli_error();
That should bring your error to light.
Edit:
I often find it usefull to place some echos throughout my script to find out what parts of the code are being accessed and what parts are being skipped.
I would add a LIMIT 1 to your query as there should only be one user with the entered credentials. This way you'll also be able to skip the while loop.
Change query like this
$querySQL = "SELECT * FROM tblUser WHERE dtUser=' ".$lUser." ' AND dtPassword=' ".$lPassword." ' ";
Related
I'm creating a function to search for users within my database, but does not work correctly throwing the following error, I have a good time trying different methods but I manage to make it work so I recuerro to you hoping that you can help
Fatal error: Call to a member function fetch_array() on null
That is the mistake that pulls me on the page and this is my code
<form method="post">
<input name="usuario" type="text" class="INPUT-GENERAL" placeholder="Buscar usuario">
<button class="BOTON-GENERAL" type="submit">Buscar</button>
</form>
<?php
$Usuario = $_POST['usuario'];
if ($Usuario!="") {
$Busqueda = $MySQLi_CON->query("SELECT * FROM users WHERE username LIKE '".real_escape_string($Usuario)."' ");
}
while ($Resultado = $Busqueda->fetch_array()) {
?>
<?php
echo '<meta http-equiv="Refresh" content="0;URL=./usuarios.php?usuario='.$Resultado['username'].'" />';
?>
<?php } ?>
try this
<?php
$Usuario = real_escape_string($_POST['usuario']);
if (!empty($Usuario)) {$Busqueda = $MySQLi_CON->query("SELECT * FROM users WHERE username LIKE '".$Usuario."' ");
}
if($Busqueda){
while ($Resultado = $Busqueda->fetch_array()) {echo '<meta http-equiv="Refresh" content="0;URL=./usuarios.php?usuario='.$Resultado['username'].'" />';}
}
?>
and avoid msqli connections use pdo next time msqli allmost finish
I have a website and I need to put a chat box but when someone write the users has to refresh the whole page to read the text but I need to make it automatically update the data please help me.
Now this is the code:
<?
session_start();
include("includes/config.php");
if($_GET['with']){
if($_SESSION['login']){
if($_SESSION['login'] == $_GET['with']){
header("Location: index.php");
}else{
$id = $_SESSION['login'];
$with = intval($_GET['with']);
if($_POST['submit']){
$text = $_POST['text'];
if(empty($text)){
}else{
$query = mysqli_query($connect,"INSERT INTO chat(`from`,`to`,`topic`) VALUES('$id','$with','$text')");
}
}
?>
<form method="post" action="chat.php?with=<?=$with?>">
<textarea name="text" placeholder="Write Here..." style="text-align:right;resize:none;width:100%;height:200px;font-size:24">
</textarea>
<br/>
<input type="submit" name="submit" value="Send"/>
</form>
<div id="chat">
<?
$query = mysqli_query($connect,"SELECT * FROM users WHERE id='$id'");
$f = mysqli_fetch_array($query);
$query = mysqli_query($connect,"SELECT * FROM users WHERE id='$with'");
$ff = mysqli_fetch_array($query);
$query = mysqli_query($connect,"SELECT * FROM chat order by id desc");
while($fetch = mysqli_fetch_array($query)){
if($fetch['from'] == $with && $fetch['to'] == $id or $fetch['from'] == $id && $fetch['to'] == $with){
if($fetch['from'] == $f['id']){
echo "<div style='word-wrap: break-word;'>".$f['fname']." ".$f['lname'].":<br/>".$fetch['topic']."</div>";
}
if($fetch['from'] == $ff['id']){
echo "<div style='max-width:200px;word-wrap: break-word;'>".$ff['fname']." ".$ff['lname'].":<br/>".$fetch['topic']."</div>";
}
}
}?>
</div>
<?}
}else{
header("Location: index.php");
}
}else{
header("Location: index.php");
}
?>
With only using php you cannot achieve what you want. However you can use ajax to accomplish what you asked for. An there is examples with source codes provided. Here is some of them:
https://css-tricks.com/jquery-php-chat/ (i recommend this/ well documented and with source code as well)
http://code.tutsplus.com/tutorials/how-to-create-a-simple-web-based-chat-application--net-5931
http://www.sitepoint.com/9-crazy-jquery-chat-chat-box-plugins/ (lis of ajax/php based chat applicatiosn)
Ajax will help you. But it is a bad practice the way you mix html javascript and php in the same code; Like this, it will be difficult for many people to help you to adapt your code with ajax.
the registration form is connected to the database via db.php but I am having trouble in submitting the login details.
<html>
<head>
<?php
include('db.php');
$username = #$_POST['username'];
$password = #$_POST['password'];
$submit = #$_POST['submit'];
the main problem is after the submit button is clicked by an existing user it should give the message but there's problem in the if statement, because on the wamp server its showing only the else message i.e. Error.
if ($submit)
{
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if (mysql_num_rows($result)) {
$check_rows = mysql_fetch_array($result);
$_POST['username'] = $check_rows['username'];
$_POST['password'] = $check_rows['password'];
echo "<center>";
echo "You are now Logged In. ";
echo "</center>";
}
else {
echo "<center>";
echo "No User found. ";
echo "</center>";
}
}
else echo "Error";
?>
</head>
<body>
<form method="post">
Username : <input name="username" placeholder="Enter Username" type="text"><br></br>
Password : <input name="password" placeholder="Enter Password" type="password"><br>
<input type="submit" value="Submit">
</body>
</html>
You want get $_POST with name submit, but do not send it to the form
Try change
<input type="submit" value="Submit">
to
<input type="submit" name="submit" value="Submit">
Firstly this is old style of php/mysql. So look at PDO on php.net seeing as you are setting out on new project it really wont be hard to make the change now rather than later.
Now onto your issue. if you intend on carrying on with your old method try this.
$sql = "SELECT * FROM user WHERE username=' . $username . ' AND password=' . $password . '";
// check the query with the die & mysql_error functions
$query = mysql_query($sql) or die(mysql_error());
$result = mysql_num_rows($query);
// checking here equal to 1 In a live case, for testing you could use >= but not much point.
if ($result == 1) {
// Checking needs to be Assoc Now you can use the field names,
// otherwise $check_rows[0], $check_rows[1] etc etc
$check_rows = mysql_fetch_assoc($query); // oops we all make mistakes, query not result, sorry.
// This is bad but for example il let this by,
// please dont access user supplied data without
// validating/sanitising it.
$_POST['username'] = $check_rows['username'];
$_POST['password'] = $check_rows['password'];
} else {
// do not logged in here
}
The same in PDO
$sql=" Your query here ";
$pdo->query($sql);
$pdo->execute();
$result = $pdo->fetch();
if ($result = 1) {
// do login stuff
} else {
// no login
}
Remember though that you need to set up PDO and it may not be available on your server by default (older php/mysql versions) but your host should be happy enough to set them up.
I'm making a login page for the admins to make some changes to a website easily. However, the login page isn't working correctly. It won't go to the error page InvalidLogin.html and it won't go to the next page of the admin website AdminChanges.php.
Instead, I'm getting the following message:
Not Found
The requested URL /website/method="post" was not found on this server.
<?php
if ($_POST['submit'] == "submit")
{
$userName = $_POST['username'];
$passWord = $_POST['password'];
$db= mysql_connect("localhost", "root", "root");
if(!$db) die("Error connecting to MySQL database.");
mysql_select_db("onlineform", $db);
$checkUserNameQuery = "SELECT username FROM onlineformdata ORDER BY id DESC LIMIT 1";
$checkUserName = mysql_query($checkUserNameQuery);
$checkPassWordQuery = "SELECT password FROM onlineformdata ORDER BY id DESC LIMIT 1";
$checkPassWord = mysql_query($checkPassWordQuery);
if (($userName == $checkUserName) && ($passWord == $checkPassWord))
{
$AdminChanges = "AdminChanges.php";
}
else
{
$AdminChanges = "InvalidLogin.html";
}
}
function PrepSQL($value)
{
// Stripslashes
if(get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);
}
?>
<html>
<head>
<title>Admin Login</title>
</head>
<body>
<form action = <?php PrepSQL($AdminChanges); ?> method="post">
username: <input type="text" name="username" />
password: <input type="text" name="password" /> <br/>
<input type="submit" name="submit" value="submit" />
</form>
</body>
</html>
Two problems are joining forces to cause this error. First, your PrepSQL function does not echo the response, and neither does the code that calls it. You need to echo or print the response so that it appears in your generated HTML.
<?php echo PrepSQL($AdminChanges); ?>
Second, you need to encapsulate that value of the action attribute in double-quotes, like this:
<form action = "<?php echo PrepSQL($AdminChanges); ?>" method="post">
Also note that your code assumes that your mysql_query() statements were successful. For troubleshooting purposes, you should at least add an or die(mysql_error()) statement to the end of the mysql_query() lines. This will allow your code to provide some feedback when the query fails.
Additionally, please note that your query-handling method will never result in a valid login response.
$checkUserName = mysql_query($checkUserNameQuery);
$checkPassWord = mysql_query($checkPassWordQuery);
if (($userName == $checkUserName) && ($passWord == $checkPassWord))
mysql_query() returns a MySQL resource, not a single field from the database. Your code attempts to compare that resource to the supplied username and password, and the comparison will always fail. For details about handling the results of mysql_query() see the documentation.
Replace:
PrepSQL($AdminChanges);
with:
print PrepSQL($AdminChanges);
Try this:
<form action = "<?php echo PrepSQL($AdminChanges); ?>" method="post">
You need to echo the value.
There are 2 errors I noticed:
Your $_POST['submit'] if statement doesn't let $AdminChanges be set for the form unless it has already been submitted.
To fix this you could change your if submit statement to just redirect to your invalid login page like so:
if (($userName == $checkUserName) && ($passWord == $checkPassWord))
{
//Correct info do what you need to here
}
else
{
header("Location: InvalidLogin.html");
exit();
}
And also:
You need to change the action to go post to this page.
<form action="<? $_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data">
I have a script that I'm using that when the user enters a code I want it to add to the total in the database, however nothing is happening.
This is my code so far:
$err = array();
if (isset($_POST['doSubmit4']) === true ) // Was if ($_POST['access']=='submit')
{
$code = mysql_real_escape_string($_POST['access-key']); // Was $data['access-key']
$result = mysql_query("SELECT `akid`,`key`,`total_access` FROM access_keys WHERE id='$_SESSION[user_id]' AND type='1'") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the key exists.
if ( $num > 0 ) {
list($akid,$key,$total_access) = mysql_fetch_row($result);
if ($code == $key) {
if(empty($err)){
$total_access++;
mysql_query("update access_keys set total_access='$total_access' where akid='$akid'") or die(mysql_error());
header("Location: ./");
}
} else {
$err[] = "Invalid Access Key. Please try again with correct access key.";
}
} else {
$err[] = "Error - Invalid Access Key. No access exists for your user ID.";
}
}
I'm wanting it to add to the Total Access field each time the user enters the correct code, but it's not working.
This is my form code:
<form name="postAccess" id="postAccess" method="post" action="access.php">
<input type="password" name="access-key" id="access-key" style="background-color:black;color:white;" size="40" /><br/>
<input name="doSubmit4" type="submit" id="doSubmit4" value="submit">
</form>
It might be your parent if brackets.
Try:
if (isset($_POST['access']) === true )
instead of
if ( $_POST['access']=='submit' )
If that doesn't seem to do it, do some debugging.
Throw some echo statements in those if brackets to see what conditions are true and what are not.
EDIT:
I just realized another problem.
Your form action is invalid. This should be the path to the page you are posting the data to. So:
Instead of:
<form name="access" id="access" method="post" action="access">
You should have:
<form name="access" id="access" method="post" action="your-php-path-here.php">
Notice how action = "your-php-path-here.php" in the above code.