I was making a login page. so I already can login into another page. then in my login page I need to put remember me checkbox and PHP. so which part in this codes that I need to put my "remember me " codes ? please help me.
this is login1.php
<?php
session_start();
//database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lala";
// Create connection
$link = mysql_connect($servername,$username,$password) or die("Could not connect");
$db= mysql_select_db("$dbname",$link) or die ("Could not select database");
$login = $_POST['login'];
$password = md5($_POST['password']);
$rememberme = $_POST['remember_me'];
$result = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
$count = mysql_num_rows($result);
if($count==1)
{
//check remember me is on or off
//if off then session login
//else add cookie
$_SESSION['username'] = $login;
$_SESSION['password'] = $password;
$result1 = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
while($row = mysql_fetch_array($result1)){
$_SESSION['gp'] = $row['gpType'];
}
header('Location:dashboard.php');
}
else
{
$_SESSION['username'] = NULL;
$_SESSION['password'] = NULL;
?>
<script type = "text/Javascript">
alert("Sorry , wrong username or password");
setTimeout("location.href = 'abc.php';");
</script>
<?php
}
?>
this is my html
<p><input type="password" name="password" value="" placeholder="Password"></p>
</div>
<div id="form2">
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me
</label>
</p></div>
<div id="form3">
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
Just Use this code after getting the $login and $password
<?php
if($_POST["remember_me"]=='1' || $_POST["remember_me"]=='on')
{
$hour = time() + 3600 * 24 * 30;
setcookie('username', $login, $hour);
setcookie('password', $password, $hour);
}
?>
Related
I am fiddling around with mysql, PHP, and phpMyAdmin and I am making a short little test login and register system. Only problem is for some reason, the register button takes me to the login page, which it's supposed to, but localhost crashes for some reason. Any help?
Edit: You can test it out too if you would like. My Site: http://localhost/
index.php
<head>
<meta charset="utf-8">
<title>Test Site</title>
<link rel="stylesheet" type="text/css" href="css/styles.css">
</head>
<body>
<form action="login/logreg.php" method="post" accept-charset="utf-8">
<label>Username: </label><input type="text" name="username" value="" placeholder="Username">
<br><br>
<label>Password: </label><input type="password" name="password" value="" placeholder="Password">
<br><br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
logreg.php
<?php
$cookie_name = "loggedin";
$servername = "localhost";
$username = "root";
$password = "H2124130E63C8D14871";
$database = "webserver";
$conn = mysqli_connect($servername, $username, $password $database);
if (!$conn) {
die("Database Connection Failed: ".mysqli_connect_error());
}
if (isset($_POST['login']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
$cookie_value = $user;
setcookie($cookie_name, $cookie_value, time() + (180), "/");
header("Location: personal.php");
}
else
{
echo "Username Or Password Is Incorrect!";
}
}
else if (isset($_POST['register']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$phash');";
$result = mysqli_query($conn, $sql);
}
?>
personal.php
<?php
$cookie_name = "loggedin";
if (isset($_COOKIE[$cookie_name]))
{
$cookie_value = $_COOKIE[$cookie_name];
echo "Welcome To Your Personal Area $cookie_value!";
echo 'Logout';
}
?>
logout.php
<?php
setcookie("loggedin", "val", time() - (120), "/");
header("Location: index.php");
?>
You missed a comma here:
$conn = mysqli_connect($servername, $username, $password $database);
I am attempting to make my first login system. For some reason when I try to get the password from my database it doesn't give a value? I'm not sure what I'm doing wrong. The error is somewhere between $sql and $db_password.
#LFlare Im not sure what the DESC users thing is. Here is a picture of the table, I wasn't sure how you wanted it. http://i.imgur.com/WkZV7IZ.png
Thanks!
<?php
session_start();
if (isset($_POST['login'])) {
include_once("db.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
//echo "Password: $password";
//echo "DB Password: $db_password";
if ($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: index.php");
} else {
echo "You didn't enter the correct details!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Your PHP
<?php
session_start();
if (isset($_POST['username']) && isset($_POST['password'])) {
include_once("db.php");
$username = mysqli_real_escape_string($sqlcon, $_POST['username']);
$password = mysqli_real_escape_string($sqlcon, $_POST['password']);
// If you want to make sure username is alphanumeric, you can do
// $username = preg_replace('/[^a-zA-Z0-9]/', '', mysqli_real_escape_string($sqlcon, $_POST['username']));
// Do not use these, mysqli_real_escape_string is enough to prevent injection attacks. Furthermore, you may be compromising user security by remove special characters in passwords.
// $username = strip_tags($_POST['username']);
// $password = strip_tags($_POST['password']);
// $username = stripslashes($username);
// $password = stripslashes($password);
// $password = md5($password); This is very susceptibile to rainbow table attacks, do something like a loop
for ($i = 0; $i < 1000; $i ++) {
$password = md5($password . $username); // Looping the md5 a thousand times and salting it with the username is good practice too.U
}
$userQuery = "SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1";
$user = mysqli_query($sqlcon, $userQuery);
if (mysqli_num_rows($user) > 0) { // If user exists,
$user = mysqli_fetch_assoc($user); // mysqli_fetch_arrays put values into $user[0], $user[1], etc.
$id = $user['id'];
$databasepass = $user['password'];
if ($password === $databasepass) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: index.php");
} else {
echo "Password is incorrect";
}
} else {
echo "Username does not exist";
}
} else {
echo "Username or Password not filled in";
}
echo $password;
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Your db.php
<?php
$host = "localhost";
$user = "root";
$pass = "";
$database = "users";
$sqlcon = mysqli_connect($host, $user, $pass, $database);
if (mysqli_connect_errno()) {
die ("MySQL Database Connection Error");
}
?>
You have your $db, and $sql backwards in mysqli_query.
$query = mysqli_query($sql, $db);
http://php.net/manual/en/function.mysql-query.php
Also, try avoid using md5, and use PHP's password_hash, http://php.net/manual/en/function.password-hash.php.
Currently, if the DB gets exploited, it's vulnerable to rainbow table attacks.
I am working on login system. But, i cannot log in. I have set my database table.
login.php
<?php
session_start();
if(isset($_POST['login'])) {
include_once("db.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
and this is db.php
<? php
$db=mysqli_connect('192.168.1.113:8080','root','hidden','av');
?>
connent of users table
id
username
password
Edit Edit
Copy Copy
Delete Delete
1
a
0cc175b9c0f1b6a831c399e269772661
Your form code look right. Just change like below your login.php code:-
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('host-name','user-name','password','database-name');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
Note:- i have added connection code here only,so change the credentials there. And use this same code to check working or not?
Also if you are working on your local then change ip address to localhost and check. If it will work then it will work with include("db.php") too.I mean to say try with $conn = mysqli_connect('localhost','root','aleksandar','av');
Here is the working login.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','root','aleksandar','av');
$db = new mysqli('localhost','root','aleksandar','av');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Oh Okay.
Lets try debugging one step at a time then.
In your db.php file, use this:
// Connecting to mysql database
$db = new mysqli('192.168.1.113:8080','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
If you get any error, please dump it here for debugging.
Updated.
// Connecting to mysql database
$db = new mysqli('localhost','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
So I have a simple database for logging in to my website, but i am having trouble with displaying whether or not a user has logged in.
session_start();
$username = $_POST['Username'];
$salt = substr($username, 0, 2);
$password = crypt($_POST['Password'], $salt);
$dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$query = $dbh->prepare("SELECT * FROM `7Ducklings` WHERE Username = ? AND Password = ?");
$array = array($username, $password);
$query->execute($array);
$numrows = $query->fetchColumn();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}else{
}
$dbh = null;
And i want this, if the user is logged in to replace the contents of this div tag:
<div id="duckdiv">
<form id="UserPass" method="POST" action="Check.php">
Username:<input type="text" placeholder="Username" name="Username">Password:<input type="password" placeholder="Password" name="Password">
<img src="ducklogin.png">
</form>
</div>
With this:
<p>"Welcome back:" $_SESSION['Username']</p>
How is this possible?
You have to start the session before using the $_SESSION superglobal array and before rendering any content.
session_start();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}
HTML view:
<?php if (isset($_SESSION['Username'])) : ?>
// render the welcome message
<?php else : ?>
// render the form
<?php endif ?>