just having an issue with an index error. It's basically throwing this at me
http://puu.sh/chc2e/7e26d51bda.png
I am unsure of why it's giving it to me as I have listed it in the index? Any ideas
My code:
<?php
include ('config.php');
?>
<?php
// Getting username and password from login form
$username = $_POST['username'];
$password = md5($_POST['password']);
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM login WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is to count number of row from the above query
$count=mysql_num_rows($result);
// count is 1 if the above username and password matches
if($count==1){
// now redirect to dashboard page, we also store the username in session for further use in dashboard
$_SESSION['username']= $username; // storing username in session
header("location:index.php");
}
//if the username and password doesn't match redirect to homepage with message=1
else {
echo '
<script language="javascript" type="text/javascript">
window.location.href="index.php?message=1";
</script>';
}
?>
Any help is appreciated. Thanks!
EDIT: User asked to see my Login form
<?php
if(isset($_POST["submit"])){
if(!empty($_POST['user']) && !empty($_POST['pass'])) {
$user=$_POST['user'];
$pass=$_POST['pass'];
$pass = strip_tags($pass);
$pass = md5($pass); // md5 is used to encrypt your password to make it more secure.
$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('aha') or die("cannot select DB");
$query=mysql_query("SELECT * FROM login WHERE username='".$user."' AND password='".$pass."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($user == $dbusername && $pass == $dbpassword)
{
session_start();
$_SESSION['sess_user']=$user;
/* Redirect browser */
header("Location: member.php");
}
} else {
echo "<div class='results'>Invalid username or password</div>";
}
} else {
echo "All fields are required!";
}
}
?>
HTML LOGIN:
<form action="" method="POST">
<label>Username:</label>
<input type="text" name="user" required />
<label>Password:</label>
<input type="password" name="pass" required />
<input type="submit" value="Login" name="submit" class="submit" />
<br><br>
<center>
<h2><p>Register</p></h2>
</center>
You have E_NOTICE enabled on your webserver (in php.ini).
You can typically ignore these errors, (disable them in your ini file will do the trick).
In order to fix the issue you need to define $username and $password as something (before the $_POST) because $_POST does not always exist.
$username = false;
$password = false;
for example.
As for the mysql issue, I strongly suggest looking into mysqli!
The standard mysql contains so many bugs, security issues and flaws it doesn't even exist anymore in the newer php versions.
in your first code change
$username = $_POST['user'];
$password = md5($_POST['pass']);
edit:
edit password line like point andrewsi
Change your login form with these name attributes :
<form action="" method="POST">
<label>Username:</label>
<input type="text" name="username" required />
<label>Password:</label>
<input type="password" name="password" required />
<input type="submit" value="Login" name="submit" class="submit" />
<br><br>
<center>
<h2><p>Register</p></h2>
</center>
</form>
Also replace all your $_POST['user'] and $_POST['pass'] occurences by $_POST['username'] and $_POST['password'] in your PHP code.
The fields are null, please var_dump() them. Need to see your frontend to determine more.
If you are posting form then try accessing the form via;
$_POST['Form']['Field']
Undefined Index means that the key you are trying to access in the array does not exist in the array. Undefined Index = Key (string), Undefined Offset = Index (number).
Related
I have my Oral defense at school next week.. and I tried searching for answers.. none was working so I figured out to ask here right away..
So okay.. my page is here and I connected my php page to my database (godaddy) and its working.. in registration.php, you can add employee and its being added to my database "table" but when I try login.php it said.. "Incorrect password" but the password is correct in my database..
its like.. my php can be connected to database
but my database doesn't want to connect to my php page..
what's wrong with my code? Can you help me? please?
<?php
require('db.php');
session_start();
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
$query = "SELECT * FROM 'users' WHERE username='$username' and password='".md5($password)."'";
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: home.php");
} else {
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/><div>";
}
}else{
?>
<div class="form">
<h1>Log In</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
</div>
<?php } ?>
I have been attempting to create a login form. I have been playing around with the code below and still can not get a working login form.
Is there any errors that is stopping my form from working? No matter what i type into the form it takes it to 'login.php' and then just presents a blank screen.
here is my HTML
<?php
include('login.php'); // Include Login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: home.php');
}
error_reporting(-1);
?>
<form method="post" action="login.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" value="Login" />
</form>
Here is my login.php
<?php
session_start();
include("connection.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
//Check username and password from database
$sql="SELECT id FROM staff WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>
I have the database setup with the table called 'staff' with "id","username", "password"
You need to add a name Attribute name="submit" to your button:
<input type="submit" name="submit" value="Login" />
Why it's needed
Because you're checking if the name Attribute submit is set
if (isset ($_POST['submit']))
but you didn't set a button name Attribute in the first place.
Side note
As others mentioned in the comments you need to protect your code from SQL Injections.
This is invalid syntax:
if ((isset($_SESSION['username']) != ''))
You need to check if the session is set AND is not equal to nothing/is empty.
if (isset($_SESSION['username']) && $_SESSION['username'] != '')
You can also shorten that down to just:
if (!empty($_SESSION['username']))
Your initial form should not include login.php. Ultimately it would have a session_start() function and end up looking more like this:
<?php
session_start();
if (isset($_SESSION['username']) && $_SESSION['username'] != '')
{
header('Location: home.php');
}
error_reporting(-1);
?>
<form method="post" action="login.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
Including login.php here will give you nightmares when it comes to troubleshooting and tracking down errors.
You really shouldn't use MD5 password hashes and you really should use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack.
One more thing, don't limit passwords. Limiting passwords, as this astute cartoon points out, is a recipe for disaster in this day and age.
taking email and password from a login form.
selecting a table user from database.
where email= email & password both are taken by login form
<?php
if(isset($_POST['login']))
{
$email=mysqli_real_escape_string($db, $_POST['email']);
$password=mysqli_real_escape_string($db, $_POST['password']);
$login="SELECT * FROM 'user' WHERE 'email' = '$email' AND 'password' = '$password' ";
$run_login = mysqli_query($db, $login) or die(mysqli_error($db));
$count = mysqli_num_rows($run_login);
if($count == 1)
{
echo "login success";
}else
{
echo "somthing wrrong";
}
}
?>
i have problem with login validation. The problem is when i try to login using admin, the page stop on checklogin.php and won't tell if it is succeed or not. Here is my code.
Index.html
<body>
<section class="container">
<div class="login">
<h1>Aplikasi Pengelola Data Pelatihan dan Seminar</h1>
<form method="post" action="checklogin.php">
<p><input type="text" name="username" value="" placeholder="Username or Email"></p>
<p><input type="password" name="password" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
<div class="login-help">
<p>Forgot your password? Click here to reset it.</p>
</div>
</section>
</body>
checklogin.php
<?php
if (isset($_POST['login']))
{
if(isset($_POST['username']))
{
$username=$_POST['username'];
}
if(isset($_POST['password']))
{
$password=$_POST['password'];
}
// Connect to database.
$host="localhost"; // Host name.
$db_user="root"; // MySQL username.
$db_password=""; // MySQL password.
$db="seminardanpelatihan"; // Database.
$con = mysqli_connect($host,$db_user,$db_password,$db);
if(mysqli_connect_errno())
{
echo "Failed to connect : " . mysqli_connect_error();
}
else
{
mysqli_select_db($con, $db);
$result = mysqli_query($con, "SELECT * FROM login WHERE username='$username' and password='$password'");
$count=mysqli_num_rows($result);
if($count==1)
{
$_SESSION['username']= "username";
$_SESSION['password']= "password";
header("login_success.php"); // Re-direct to login_success.php
}
else
{
echo "Something wrong";
}
mysqli_close($con);
}
}
?>
Thank you for your help.
change
if (isset($_POST['login']))
to
if (isset($_POST['commit']))
I tested.
Edit
Also Change (Dont skip previous changes)
$_SESSION['username']= "username";
$_SESSION['password']= "password";
header("login_success.php");
To
$_SESSION['username']= $username;
$_SESSION['password']= $password;
header("Location: login_success.php"); //Proper Redirect Method
1)You need Location: prefix for redirect
2)You used "username" instead of $username
First of all change the first line of your code:
<?php
if (isset($_POST['login']))
to
<?php
if (isset($_POST['username']))
this will give you the option to execute all the code of the page if the user will post at least the username. I'd prefer to go for something even more strict:
<?php
if (isset($_POST['username'])&&isset($_POST['password'])
so you won't run the code if the user doesn't submit both the values. (only username or only password will anyway fail the validation!)
Then: your issue is that you don't retrieve the values from the query.
mysqli_select_db($con, $db);
$result = mysqli_query($con, "SELECT * FROM login WHERE username='$username' and password='$password'");
$count=mysqli_num_rows($result);
if($count==1)
{
is ok to check if you have one and only one result but then you have to add after those lines:
$row=mysqli_fetch_array($result);
$username = $row['username'];
$password = $row['password'];
session_start();
and then edit the following two this way:
$_SESSION['username']= $username;
$_SESSION['password']= $password;
Also note that I wouldn't store the password in $_SESSION array or in any other value in my code and that I'd suggest you to use some encryption method on the password.
I have a form named login that when is submitted sends the fields username and password to a MySQL database to check if they match. I want to echo an error when they don't match.
Here is the PHP code that goes above the form:
if (!isset($_POST['login'])) {
mysql_connect (...);
mysql_select_db (...);
$username = $_POST['username'];
$password = $_POST['password'];
$location = $_POST['location'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM members WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1) {
session_register("username");
session_register("password");
header("Location: $location");
}
else {
echo "Wrong username or password.";
}
mysql_close();
}
And the form:
<form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="location" type="hidden" value="<?php echo $_GET['location']; ?>"/>
<input name="username" type="text" value="Username" onclick="this.value=''"/>
<input name="password" type="text" value="Password" onfocus="this.value='';this.type='password'"/>
<input name="submit" type="submit" value="Login"/>
</form>
If I submit the form with the correct username and password the code works normally.
The problem is that the error message is always present, even before the form is submitted. Any ideas?
change first line to :
if (isset($_POST['username'])) {
if (!isset($_POST['login']))
remove the exclamation mark. So if (isset($_POST['login']))
$_POST['login'] is most likely not set in your script. The aforementioned solution will fix your first bug. Yet, you will not be able to login if $_POST['login'] is not set.
I suggest you check for the post variables that you will use in your script:
if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['location'])) {
// your code
}
I have a login form (HTML -> PHP). I enter the correct details, it then reloads the page and i have to enter the details again. I press submit and then it does it again. On the third time (sometimes the second I think) it actually logs me in.
Any help would be greatly appreciated.
Here is the forms HTML:
<!-- Login Form -->
<form method="post" id="login-form-splash">
<input type="text" class="text" name="username" onfocus="if(this.value == 'Username') { this.value = ''; }" value="Username" />
<input type="password" name="password" class="password" onfocus="if(this.value == 'Password') { this.value = ''; }" value="Password" />
<input type="submit" name="submit" value="Login" class="submit" />
<br />
<span>Lost Password?</span>
<br />
No account yet? Register.<br />
</form>
And here is the PHP actually doing the login:
<?php
//Check if login form was submitted.
if(isset($_POST['submit']))
{
//include important settings and functions.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/config.php');
//Check if both fields were completed.
if($_POST['username'] == '' || $_POST['password'] == '')
{
//Tell them whats wrong.
echo "<script language=\"javascript\">alert('You need to complete both fields.');</script>";
} else
{
//The completed both fields.
//Localise vars.
$username = $_POST['username'];
$password = $_POST['password'];
//Protect against SQL Injection using mysql_prep function. [mysql_prep can be found in ./includes/functions.php]
mysql_prep($username);
mysql_prep($password);
//MD5 Hash the password to check against hashed password in DB.
$password = md5($password);
//Connect to MySQL Database.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/connect.php');
//If connection exists
if(isset($mysql_connection))
{
//Run MySQL Query on DB.
$sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql, $mysql_connection) or die('Cannot Execute:'. mysql_error());
//Check if there is a match. There can only be one.
if(mysql_num_rows($result) == 1)
{
//Create session variables and set values within them.
$_SESSION['username'] = $username;
//Redirect to Members page.
header('Location: members.php');
} else
{
//Username and Password are not correct, or the account doesn't exist.
echo "<script language=\"javascript\">alert('Please check that you have entered the details correctly.');</script>";
}
} else
{
//Database error.
echo "<script language=\"javascript\">alert('There was a database error. Please try again or contact a technician at errors#eatgamesleep.com');</script>";
}
}
}
?>
Maybe you should replace
if(isset($mysql_connection)) {
to just
if($mysql_connection){