Can't sign up using my DB - php

I need to make a sign-in form for my website. I have to use MySQLi because MySQL gives a deprecation warning when I try it.
So, here's the index.php code:
<?php
session_start();ob_start();
$con=mysqli_connect("localhost","root","","oos");
if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
if(isset($_POST['signin']))
{
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
$co=0;
while($row=mysqli_fetch_assoc($result1)) $co++;
if($co==1)
{
$_SESSION['a']=$username;
header("Location: main_menu.php");
}
} ?>
The problem is, when I set $username="admin" and $password = "admin", it goes to main_menu.php all right. But when I try to do as above, based on my database, it won't go to main_menu.php.
How can I sign in, go to the main_menu.php using ID from my database?

Sorry, I already checked it, it's a stupid mistake. Inside this snippet:
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
fix to this:
$query1 = "select * from admintb where adID = '$username' and adPass = '$pass' ";
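A hardened version of this sign-in handler, as an added example that is not part of the original post: the lookup uses a bound parameter instead of interpolating $_POST values into the SQL, and the password is checked with password_verify(). It assumes that adPass stores a password_hash() value rather than the plain password, and that a MySQL server with the question's oos database is reachable; admin_login() and $loginError are names introduced here.

```php
<?php
// Added example, not the poster's code. Assumption: admintb.adPass stores a
// password_hash() value instead of the plain password.
declare(strict_types=1);
session_start();

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$con = new mysqli('localhost', 'root', '', 'oos');
$con->set_charset('utf8mb4');

/** True only if $id exists in admintb and $pass matches its stored hash. */
function admin_login(mysqli $con, string $id, string $pass): bool
{
    // The ? placeholder sends $id as data, so quotes in it cannot alter the SQL.
    $stmt = $con->prepare('SELECT adPass FROM admintb WHERE adID = ?');
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();      // true when a row was read, null when none
    $stmt->close();

    // The password is checked in PHP against the hash, not in the WHERE clause.
    return $found === true && password_verify($pass, (string) $hash);
}

if (isset($_POST['signin'])) {
    // Accept only string fields; anything else is treated as empty.
    $id   = is_string($_POST['userid'] ?? null) ? $_POST['userid'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (admin_login($con, $id, $pass)) {
        session_regenerate_id(true);  // fresh session ID once authenticated
        $_SESSION['a'] = $id;
        header('Location: main_menu.php');
        exit;                         // do not keep running after the redirect
    }
    $loginError = 'Invalid ID or password.'; // one message for both failure cases
}
```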

Related

extracting info from database to html page error

I'm very new to PHP, so I apologize if this is a simple fix, but I'm experiencing a weird issue. I've created a website that uses Facebook authentication. Once they log in, their information gets stored in a database I've created. I then created some functions that display the user's Facebook image and name on the profile page of my website. The problem is that sometimes it shows, and other times I receive this error: "notice: undefined index: fbid in /PATH/ on line 132". Here is the code.
<div id="userInfo" class="userInfo">
<h1> <?php
$dbHost = "localhost";
$dbUsername = "root";
$dbPassword = "root";
$dbName = "facebooklogin";
$conn = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo " ". $row["first_name"]." ". $row["last_name"]."";
}
} else {
echo "0 results";
}
$conn->close();
?></h1>
userData.php
<?php
session_start();
include 'dbConfig.php';
$userData = json_decode($_POST['userData']);
if(!empty($userData)){
$oauth_provider = $_POST['oauth_provider'];
$_SESSION['fbid'] = $userData->id;
var_dump($_SESSION);
$prevQuery = "SELECT * FROM users WHERE oauth_provider = '".$oauth_provider."' AND oauth_uid = '".$userData->id."'";
$prevResult = $db->query($prevQuery);
if($prevResult->num_rows > 0){
$query = "UPDATE users SET first_name = '".$userData->first_name."', last_name = '".$userData->last_name."', email = '".$userData->email."', gender = '".$userData->gender."', locale = '".$userData->locale."', picture = '".$userData->picture->data->url."', link = '".$userData->link."', modified = '".date("Y-m-d H:i:s")."' WHERE oauth_provider = '".$oauth_provider."' AND oauth_uid = '".$userData->id."'";
$update = $db->query($query);
}else{
$query = "INSERT INTO users SET oauth_provider = '".$oauth_provider."', oauth_uid = '".$userData->id."', first_name = '".$userData->first_name."', last_name = '".$userData->last_name."', email = '".$userData->email."', gender = '".$userData->gender."', locale = '".$userData->locale."', picture = '".$userData->picture->data->url."', link = '".$userData->link."', created = '".date("Y-m-d H:i:s")."', modified = '".date("Y-m-d H:i:s")."'";
$insert = $db->query($query);
}
}
?>
It seems that you don't have the variable set when you use it in the query.
Check it before the query, like:
if (isset($_SESSION['fbid'])) {
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql); } else {
// not logged in
}
To check the values of $_SESSION, just do a var_dump($_SESSION) and you can see what is set.

PHP / MySQL: Login form doesn't work

I've got a login.php file which looks like this:
include "myfuncs.php";
$connect = dbConnection();
$username = $_POST["username"];
$passwort = md5($_POST["password"]);
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $passwort)
{
echo "Hi $username";
$_SESSION["username"] = $username;
echo "Login successfully";
}
else
{
echo "Login doesn't work";
}
and a myfuncs.php file which looks like this:
function dbConnection()
{
$servername = "...";
$username = "...";
$password = "...";
$dbname = "...";
$db_connect = new mysqli($servername, $username, $password, $dbname);
if ($db_connect->connect_error)
{
die("Connection failed: " . $db_connect->connect_error);
}
return $db_connect;
}
Unfortunately the login form doesn't work - it always gives the error "Login doesn't work" even when the username and password matches with the database entry.
Arg, you are mixing a mysqli with class mysql functions. I don't think it works...
It works this way : PHP MySQLI
$stmt = $mysqli->prepare($query);
$stmt->execute();
while ($stmt->fetch()) {
(...)
}
I see you have error in your variable name in line #6.
try this:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$result= mysql_query($query);
$row = mysql_fetch_object($result);
There are several problems with your code. In myfuncs.php you use mysqli and after that, in your code you use mysql (without "i"). mysql (without "i") is deprecated, so you should use mysqli everywhere.
More than that, in your code you have:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
Please see the bold text from next two lines (it should be the same variable):
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
You should have
$result = mysql_query($query);
if you will use mysql.
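The login code in this thread compares an unsalted md5() digest using ==. As an added example (not code from any of the posts), this is one way to check a password against either a legacy MD5 value or a password_hash() value and to produce an upgraded hash on a successful login. The function name verify_and_upgrade() and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Check $password against $stored, which is either a legacy md5() hex digest
 * or a password_hash() string. Returns [ok, replacement]: replacement is a
 * new hash to write back to the user row, or null if nothing needs to change.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;

    if ($isLegacyMd5) {
        // hash_equals() compares in constant time and, unlike ==, never
        // treats two numeric-looking digests as equal numbers.
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample rows: one legacy account and one already migrated.
$legacy   = md5('correct horse');
$migrated = password_hash('correct horse', PASSWORD_DEFAULT);

[$okLegacy, $newHash]   = verify_and_upgrade('correct horse', $legacy);
[$okMigrated, $noChange] = verify_and_upgrade('correct horse', $migrated);
[$okWrong, $nothing]    = verify_and_upgrade('wrong guess', $legacy);

// A legacy match yields a replacement hash that verifies with password_verify().
var_dump($okLegacy, is_string($newHash) && password_verify('correct horse', $newHash));
var_dump($okMigrated, $noChange);
var_dump($okWrong, $nothing);
```

On a successful legacy match, the caller writes the returned hash back to the user's row with a prepared UPDATE, so the MD5 value disappears from the table the next time that user logs in.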

Reducing MySQL Query to a specific session

Using the code below, I was able to display each username and trial 1/0 flag in the table. What I want to do is display the data only for the existing user so I can say something like "Hello USERNAME, you have TRIAL access..." etc...
We're using standard HTACCESS as the un/pass to enter the info area.
What needs to change here to only show the existing user's session?
<?PHP
$user_name = "blahblahblah";
$password = "blahblahblah";
$database = "blahblahblah";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM member_auth";
$result = mysql_query($SQL);
while ( $db_field = mysql_fetch_array($result) ) {
print $db_field['username'] . " : ";
print $db_field['trial'] . " <br> ";
}
mysql_close($db_handle);
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}
?>
please don't use mysql_ functions.. look into PDO or MySQLi here: http://www.phptherightway.com/#databases
Update your query to only return specific user results.
Using Form POST:
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
Using URL Parameters:
$username = mysql_real_escape_string($_GET["username"]);
$password = mysql_real_escape_string($_GET["password"]);
So your SQL query will now look like:
$SQL = "SELECT * FROM member_auth WHERE username = '" . $username . "' AND password = '" . $password . "'";
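Because the info area is already protected by .htaccess authentication, the web server has checked the password before PHP runs. As an added example (not from the posts), the page can read the authenticated name from the server and fetch only that row with a bound parameter. It assumes Apache Basic authentication populates $_SERVER['REMOTE_USER'] or $_SERVER['PHP_AUTH_USER']; trial_greeting(), the in-memory SQLite table and the 'STANDARD' label for trial = 0 are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Greeting for one member; null when the name is not in member_auth. */
function trial_greeting(PDO $db, string $user): ?string
{
    $stmt = $db->prepare('SELECT username, trial FROM member_auth WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // 'STANDARD' is an assumed label; the question only names the TRIAL case.
    $access = ((int) $row['trial'] === 1) ? 'TRIAL' : 'STANDARD';
    // Escape on output: usernames are data and may contain HTML characters.
    $name = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
    return "Hello {$name}, you have {$access} access.";
}

// Constructed stand-in for the real table so the example runs offline; in
// production $db is the MySQL connection, e.g. new PDO('mysql:host=...;dbname=...', ...).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_auth (username TEXT PRIMARY KEY, trial INTEGER)');
$db->exec("INSERT INTO member_auth VALUES ('alice', 1), ('bob', 0)");

// The identity comes from the server's authentication, not from a form field
// or URL parameter that the client controls.
$user = $_SERVER['REMOTE_USER'] ?? $_SERVER['PHP_AUTH_USER'] ?? null;
if (PHP_SAPI === 'cli') {
    $user = 'alice';                 // constructed value for an offline run
}
if ($user === null) {
    http_response_code(401);         // no authenticated user: show nothing
    exit('Authentication required.');
}

echo trial_greeting($db, $user) ?? 'No membership record found.', PHP_EOL;
```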

PHP registered user check

I have a PHP + AS3 user login & register module. I want to check for a registered user by username, but I can't do it because I'm new at PHP. If you can help, it will be helpful, thx. (The result_message part is my AS3 info text box.)
<?php
include_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES ('$username', '$password', '$userbio')";
mysql_query($sql) or exit("result_message=Error");
exit("result_message=success.");
?>
Use MySQLi as your PHP function. Start there, it's safer.
Connect your DB -
$host = "////";
$user = "////";
$pass = "////";
$dbName = "////";
$db = new mysqli($host, $user, $pass, $dbName);
if($db->connect_errno){
echo "Failed to connect to MySQL: " .
$db->connect_errno . "<br>";
}
If you are getting the information from the form -
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
you can query the DB and check the username and password -
$query = "SELECT * FROM users WHERE username = '$username'";
$result = $db->query($query);
If you get something back -
if($result && $result->num_rows > 0) {
//CHECK PASSWORD TO VERIFY
} else {
echo "No user found.";
}
then verify the password. You could also attempt to verify the username and password at the same time in your MySQL query like so -
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
@Brad is right, though. You should take a little more precaution when writing this as it is easily susceptible to hacks. This is a pretty good starter guide - http://codular.com/php-mysqli
Using PDO is a good start, your connect.php should include something like the following:
try {
$db = new PDO('mysql:host=host;dbname=name', 'mysql_username', 'mysql_password');
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
Your insert would go something like:
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)";
$std = $db->prepare($sql);
$std->execute(array($username, $password, $userbio));
To find a user you could query similarly, setting your $username manually or from $_POST:
$query = "SELECT * FROM users WHERE username = ?";
$std = $db->prepare($query);
$std->execute(array($username));
$result = $std->fetchAll();
if($result) {
foreach ($result as $user) { print_r($user); }
} else { echo "No Users found."; }
It is important to bind your values, yet another guide for reference, since I do not have enough rep yet to link for each PDO command directly from the manual, this guide and website has helped me out a lot with PHP and PDO.
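For the registration check asked about in this thread, an added example (not code from the posts): the INSERT is attempted with bound values and a hashed password, and a duplicate username is detected from the database's unique-constraint error rather than from a separate SELECT, so two simultaneous sign-ups cannot both succeed. It assumes a UNIQUE index on users.username; register_user(), the 8-character minimum and the in-memory SQLite table are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Returns 'success', 'taken' or 'invalid' for the AS3 result_message field. */
function register_user(PDO $db, string $username, string $password, string $bio): string
{
    // Illustrative input rule (assumption): non-empty name, 8+ character password.
    if ($username === '' || strlen($password) < 8) {
        return 'invalid';
    }
    $sql = 'INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)';
    try {
        // Store a salted hash; the plain password never reaches the table.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $db->prepare($sql)->execute([$username, $hash, $bio]);
        return 'success';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation, which here
        // means the UNIQUE index rejected an existing username.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'taken';
        }
        throw $e;   // any other database error is not a registration result
    }
}

// Constructed stand-in for the real users table so the example runs offline;
// with MySQL only the DSN and credentials passed to new PDO() change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    user_bio TEXT
)');

// First sign-up for the name, then a second attempt with the same name.
echo 'result_message=', register_user($db, 'alice', 'correct horse', 'hello'), PHP_EOL;
echo 'result_message=', register_user($db, 'alice', 'another pass', 'again'), PHP_EOL;
```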

Syntax error in MySQL statement

EDIT: I know the error is somewhere here:
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "SELECT * FROM authorize WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
$result = @mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);
$lstbalance = 0;
$balance = 0;
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$lstbalance = $sql -> lostbalance;
$balance = $sql -> balance;
}
}
if ($win==true)
{
$sql = "update users set lostbalance='($lstbalance+(($payouts[$result1.\'|\'.$result2.\'|\'.$result3])*(int)$_POST[\'bet\']))' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
else
{
$sql = "update users set lostbalance='(lstbalance-(int)$_POST[\'bet\'])' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
$result = @mysql_query($sql, $connection) or die(mysql_error());
I was able to narrow down the error to this piece of code, help appreciated. Regards.
When I comment it out everything seems to work all the connect variables are from a different file and are valid.
$lostbalance = $lstbalance+(($payouts[$result1])*(int)$_POST['bet']);
$sql = "update users set lostbalance='$lostbalance' WHERE username = '".$_SESSION['user_name']."' and password = '".$_SESSION['password']."'";
I don't understand about your code on $payout[$result1.\'|\'.$result2.\'|\'.$result3]
