This code does not seem to be working. It only shows a blank page when I click the login button. What could be the issue.
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("register", $con);
$query =("SELECT * FROM users WHERE username = '". $username ."' AND password = '". $password ."' LIMIT 1");
$count = mysql_num_rows($query);
if ($count == 0) {
echo 'Error: username or password wrong ';
} else {
echo "Registration Successful, redirecting";
header("refresh:3; url=login.html");
mysql_close($con)
?>
Use an IDE not only an Editor!
Using my IDE it showed me an error right away and it was quite easy to fix afterwards:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("register", $con);
$query =("SELECT * FROM users WHERE username = '". $username ."' AND password = '". $password ."' LIMIT 1");
$count = mysql_num_rows($query);
if ($count == 0) {
echo 'Error: username or password wrong ';
} else {
echo "Registration Successful, redirecting";
}
header("refresh:3; url=login.html");
mysql_close($con);
?>
You forgot the closing curly brackets of the else part AND the semi colon in your second last line!
Related
I'm currently doing a webpage, and by now I'm focused on the log in and registration forms. I have also a sql database connected. When I register a new user with the registration form, the database is updated succesfully. The problem is that when I try to log in with that user, the page doesn't recognize it. Besides, if I try to log in with an user that I introduced manually with Netbeans, it recognize it.
$con = mysqli_connect("localhost", "root", "mypassword");
if(!$con) {
exit('Connect Error (' . mysqli_connect_errno() .') ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = mysqli_real_escape_string($con, htmlentities($_POST['new_mail']));
$password = mysqli_real_escape_string($con, htmlentities($_POST['new_passwd']));
$sql = "INSERT INTO usuarios (usuario, clave) VALUES ('". $user ."' , ' ".md5($password)."')";
mysqli_query($con, $sql);
if(mysqli_affected_rows($con) > 0) {
?>
<script type='text/javascript'>
alert('You have been registered succesfully. Now you can access our website');
</script>
<?php
header("Location: login_page.html");
echo "<br><br><a href='index.php'>Go back</a>";
} else {
if(mysqli_errno($con) == 1062) {
echo "The e-mail address introduced is already on the system.";
echo "<br><a href='register.html'>Try again</a>";
} else {
echo "Error: " .$sql . "<br>" . mysqli_error($con);
}
}
That's the code I use after fulfilling the registration form. The next one is the one I use after the log in form.
$con = mysqli_connect("localhost", "root", "mypassword");
if(!$con) {
exit('Connect Error (' . mysqli_connect_errno() .') ' . mysqli_connect_error());
}
if(mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_errno());
exit();
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = mysqli_real_escape_string($con, htmlentities($_POST['username']));
$password = mysqli_real_escape_string($con, htmlentities($_POST['password']));
$sql = "SELECT * FROM usuarios WHERE usuario='" . $user ."' AND clave='" . md5($password) . "'";
mysqli_query($con, $sql);
if(mysqli_affected_rows($con) > 0) {
//echo "Welcome " . $_SESSION['username'] . "!";
//echo "<br><br><a href='user_page.php'>Main Page</a>";
//echo "<br><a href= 'close_session.php'>Close Session</a>";
header("Location: main_page.html");
} else {
exit ("The user or password introduced are not correct");
}
$row = mysqli_fetch_row($sql);
$_SESSION['user'] = $row;
$_SESSION['username'] = $row[0];
mysqli_free_result($sql);
?>
Thank you for your help.
Few mistakes that you are doing on your registration page.
You are not using prepared statements.
You are using md5() instead of password_hash() and password_verify() to secure your passwords.
You are using cleansing mechanism on the password which you should't as this may change the original password.
With the above you should use prepared statements and take the advantage of password hash and verify,
therefore your register page. should look :
<?php
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = $_POST['new_mail'];
$password = $_POST['new_passwd'];
$hash = password_hash($password, PASSWORD_DEFAULT);
//check if user is not registered already, I'm not sure if you have user_id, what I know you should have id which is auto increment, then select that id
$sql = "SELECT user_id FROM usuarios WHERE usuario = ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
//user exists
echo "The e-mail address introduced is already on the system.";
echo "<br><a href='register.html'>Try again</a>";
} else {
//user does not exist register the user
$query = "INSERT INTO usuarios (usuario, clave) VALUES (?,?)";
$insert = mysqli_prepare($con, $query);
mysqli_stmt_bind_param($insert, "ss", $user, $hash);
if (mysqli_stmt_execute($insert)):
?>
<script type='text/javascript'>
alert('You have been registered succesfully. Now you can access our website');
</script>
<?php
header("Location: login_page.html");
echo "<br><br><a href='index.php'>Go back</a>";
else:
printf("Error: %s.\n", mysqli_stmt_error($insert));
endif;
}
?>
Then login
<?php
session_start();
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_errno());
exit();
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = $_POST['username'];
$password = $_POST['password'];
#ONLY SELECT THE SPECIFIC COLUMNS YOU NEED, DON'T USE#
$sql = "SELECT clave,anotherColumn,anotherColumn FROM usuarios WHERE usuario= ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $login);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
$row = $row = mysqli_fetch_assoc($result);
if (password_verify($password, $row['clave'])) {
//passwords set sections, redirec
} else {
//user password does not match the stored hash return message
}
} else {
//username does not exist, do something
}
?>
I am trying to check if the username is available before i insert into the table.
But it seems to insert into the table no matter if the username already exists.
Here is my php code:
<?php
session_start();
define('DB_NAME', 'madsanker_dk_db');
define('DB_USER', 'madsanker_dk');
define('DB_PASSWORD', 'myPassword');
define('DB_HOST', 'mysql43.unoeuro.com');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' .mysqli_error());
}
$db_selected = mysqli_select_db( $link, DB_NAME);
if (!$db_selected) {
die('Could not connect: ' .mysqli_connect_error());
}
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
$email = $_POST['email'];
$username = mysqli_real_escape_string($link,$username);
$password = mysqli_real_escape_string($link,$password);
$name = mysqli_real_escape_string($link,$name);
$email = mysqli_real_escape_string($link,$email);
$password = md5($password);
$sql = "SELECT * FROM mainLogin WHERE username = '$username'";
$result = mysqli_query($link, $sql);
$count = mysqli_num_rows($result);
if($count > 0) {
$sql = "INSERT INTO mainLogin (username, password, name, email) VALUES ('$username', '$password', '$name','$email' )";
$result = mysqli_query($link, $sql);
if (!$result) {
die('Error: ' . mysqli_error($link));
}else {
$_SESSION['login'] = $username;
echo "<script>window.location = 'http://madsanker.dk.linux101.unoeuro-server.com'</script>";
}
}else {
echo "username taken";
}
mysqli_close($link);
?>
What am I doing wrong?
just change the greater sign in your if statement from ">" to ==0
if($count==0){
}
If username already in db than change this condition:
if($count > 0) {
//your stuff
}
With:
if($count <= 0) { // if not found
//your stuff
}
The website has a login system, however when a user logs into the website I simply want their details to appear on the next page. This is my code I so far. Problem is, I only want to display the logged in users details, not all the databases details.
<?php $servername = "localhost"; $username = "root"; $password = ""; $dbname = "loginsystem";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, firstname, lastname FROM members";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th></tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"]. "</td><td>" . $row["firstname"]. " " . $row["lastname"]. "</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
LOG IN SYSTEM
<?php
session_start();
if (isset($_POST['username'])) {
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT id, username, password FROM members WHERE username = '$usname' AND activated = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row[1];
$dbPassword = $row[2];
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && password_verify($paswd,$dbPassword)) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: MemberDetails.php");
} else {
echo "Oops that username or password combination was incorrect.
<br /> Please try again.";
}
}
?>
Add
session_start();
to the top of the page and then on the next page as well and then you will be able to carry over those variables once they are set.
For example:
$_SESSION['user'] = $_POST['user'];
Then on the next page call:
echo $_SESSION['user'];
You first have to implement the user login part. and after that, get the specified user id or login credentials and use that in your query.
In your LOG IN SYSTEM file, put session_start(); before including the db connection.
Then in the member details page do this:
session_start(); //put this on the first line.
Then your query will now look like below:
<?php
$servername = "localhost"; $username = "root"; $password = ""; $dbname = "loginsystem";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$user_id = $_SESSION['id'];
$sql = "SELECT user_id, firstname, lastname FROM members WHERE user_id = ".$user_id;
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th></tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"]. "</td><td>" . $row["firstname"]. " " . $row["lastname"]. "</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
Database structure
Am facing challenges in the following code; please help:
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
$result = mysql_query($sql);
if($result){
$_session['loged'] = '$loFmUname';
header('location:index.html');
die();
}
else{
echo"Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
}
else{
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
The error is coming on line 15.
Note that strtolower() is being used to ignore case-sensitive username.
Change the line
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
By this one
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
This may help you.
Thanks
You need to use dot separators when doing manipulation to a variable inside a variable.
Also, should $_SESSION['loged'] = '$loFmUname'; be that, or $_SESSION['logged'] = '$loFmUname';?
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$result = mysql_query("SELECT * FROM Persons WHERE $loFmUname='" . strtolower($db_field['UserName']) . "' AND $myPwd='$db_field['UserPwd']' ");
if($result){
$_SESSION['loged'] = '$loFmUname';
header('Location: index.html');
die();
} else {
echo "Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
} else {
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
Folks, Please check my code..am executing the below code by http://localhost/mycart/login.php?is_ajax=1&username=srini&password=srini Then am getting this error even though passing valid user name and password. kindly help me thanks
mysql_num_rows() expects parameter 1 to be resource, boolean given in
C:\wamp\www\mycart\login.php on line 25 and username 'srini' and password 'srini' not found
<?php
$is_ajax = $_REQUEST['is_ajax'];
if (isset($is_ajax) && $is_ajax) {
error_reporting(E_ALL ^ E_NOTICE);
$uname = $_REQUEST['username'];
$pword = $_REQUEST['password'];
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
echo $uname;
echo $pword;
$con = mysql_connect("localhost", "root", "root");
if (!$con) {
die('Connection Failed' . mysql_error());
}
mysql_select_db("test", $con);
$result = mysql_query("SELECT * FROM login WHERE L1 = $uname AND L2 = $pword");
$num_rows = mysql_num_rows($result);
if ($num_rows > 0)
echo "success";
else
echo "username '{$uname}' and password '{$pword}' not found";
mysql_close($con);
}
?>
Your result is probably false. Try this:
$result = mysql_query("SELECT * FROM login WHERE L1 = '".$uname."' AND L2 = '".$pword."'");
Use ' in your SQL query to mask string values:
$result = mysql_query("SELECT * FROM login WHERE L1 = '" . $uname . "' AND L2 = '" . $pword . "'");