I can't call variables from my other page PHP - php

<!-- LOGIN -->
<div id="loginContainer">
<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='POST'>
<div id="emailPasswordContainer">
<input type="text" id="loginInputEmail" placeholder="Email" name="emailA" maxlength="35" required></input>
<input type="password" id="loginInputPassword" placeholder="Password" name="passwordA" maxlength="35" required></input>
</div>
<button type="submit" name="submitLogin" value="submit" id="buttonLogin">
<span id="loginText">
Login
</span>
</button>
</form>
<?php
$loginErrorMessage = "";
// start the session and register the session variables
session_start("ProtectVariables");
if(isset($_POST['submitLogin'])) {
$emailLogin = $_POST['emailA'];
$passwordLogin = md5($_POST['passwordA']);
$loginQuery = "SELECT email,password FROM account WHERE email='" . $emailLogin . "' AND password='" . $passwordLogin . "'";
$loginResult = mysql_query($loginQuery,$db);
if(mysql_num_rows($loginResult)==1){
if ($_POST['submitLogin']) {
header("Location: page2.php?page=1");
}
}
else {
$loginErrorMessage = "";
}
}
?>
</div>
This is the code I'm using to log in to my website! But when I get to page2.php?page=1, it won't let me call any of the variables such as $emailLogin or $passwordLogin. The reason I want to use the $emailLogin on page2.php is so I can have it the user's first name. I'm not sure if it's a problem with this code or the way I'm calling it on the other page, which is just this: echo $emailLogin;
Thank you for your help in advance! :D

$loginQuery = "SELECT email,password FROM account WHERE email='" . $emailLogin . "' AND password='" . $passwordLogin . "'";
$loginResult = mysql_query($loginQuery);
$admin_row = mysql_fetch_array($loginResult);
if (mysql_num_rows($loginResult) == 1)
{
// start the session before any output is sent
session_start();
$getemail = $admin_row['email'];
//session_register("uname");
// keep the email in the session so other pages can read it
$_SESSION['logged_user'] = $getemail;
header("Location: page2.php?page=1");
exit; // stop here so nothing else runs after the redirect
}
In page2.php you can print the logged-in user's email using the code below:
<?php
session_start();
echo $_SESSION['logged_user'];
?>

Related

Unable to retrieve data from DB and using $_SESSION variable

I've been working on a project that has to do with renting houses. Visitors can register or log-in, and only logged-in users can Add a house for rental. Each user has his own profile showing his username, email and accommodations he has uploaded for rental.
My problem is that I cannot retrieve the email of the logged in user. Also, on my MySQL DB I'm using a foreign key in my accom(modation) table, which references the primary key(USER-ID) of the users. The key fails to match the USER-ID.
Any advice would be really helpful. Thank you a lot in advance.
Posting some of the code below:
register.php
<?php include('server.php') ?>
<? php
if (isset($_SESSION['username'])) {
$_SESSION['msg'] = "You're now logged in.";
unset($_SESSION["register.php"];
header('Location: user_index.php');
}
?>
<!DOCTYPE html>
<html>
<link href="https://fonts.googleapis.com/css?family=Eater" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="mystyle.css">
<body>
<p id="pagetitle">Booking Planet </p>
<div class="navbar" id="topnav">
<button onclick="document.getElementById('id01').style.display='block'"
style="width:auto;">Login</button>
<button onclick="document.getElementById('id02').style.display='block'"
style="width:auto;">Register</button>
HOME
</div>
<?php
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT * FROM accom");
echo "<p> </p>";
echo "<div class='acclist'> Explore some fairytale destinations.. </div>";
echo "<ul>";
while($row = mysqli_fetch_array($result))
{
$image=$row['image'];
$target = "images/".basename($image);
echo "<img src='" . $target . "' width=800 height=500/>";
echo "<li id='title'><b>" . $row['title'] . "</b></li>";
echo "<li> Description: <i>" . $row['description'] . "</i></li>";
echo "<li> Address: <i>". $row['address'] . "</i></li>";
echo "<li> Available from: <i>" . $row['checkin'] . "</i></li>";
echo "<li> Available until: <i>" . $row['checkout'] . "</i></li>";
?><button onclick="document.getElementById('id01').style.display='block'"
type='button' class='bookbtn'>Log-in to book now!</button>
<?php
echo "<li><img src='sepline.png' width=1500 height=75> </li>";}
echo "</ul>";
mysqli_close($db);
?>
</div>
<div id="id01" class="modal">
<? php include('errors.php'); ?>
<form action="" method="post" class="modal-content animate" name="login" >
<div class="logocontainer"> Booking Planet
</div>
<h3> Account Log-in. </h3>
<div class="container">
<? php echo $errors; ?>
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password"
required>
<button type="submit" name="login_user">Login</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl1">Cancel</button>
</div>
</form>
</div>
<!-- REGISTRATION -->
<div id="id02" class="modal">
<form action="" method="post" class="modal-content animate" name="register"
>
<div class="logocontainer"> Booking Planet
</div>
<h3> Create an account. </h3>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Name</b></label>
<input type="text" placeholder="Enter your Name!" name="name" required>
<label><b>Surname</b></label>
<input type="text" placeholder="Enter your Surname!" name="surname" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
<label><b>Email</b></label>
<input type="email" placeholder="Enter Email" name="email" required>
<div class="avatar"><label>Select your avatar: </label>
<input type="file" name="avatar" accept="image/*" required />
<button type="submit" name="reg_user">Register</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl2">Cancel</button>
</div>
</form>
</div>
<script src="myscripts.js"></script>
</body>
</html>
user_index.php: is pretty much similar to register.php, it's where people who have registered or logged-in are redirected. I'm posting the beginning of the code.
<?php include('server.php'); ?>
<?phpinclude('auth.php');
session_start();
if ($_SESSION['username']<1) {
session_destroy();
unset($_SESSION['username']);
header("Location: register.php");
}
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT email FROM users WHERE
username='$_SESSION['username']'");
$row = mysqli_fetch_array($result);
$_SESSION['email'] = $result;
$username = $_SESSION['username'];
$_SESSION['id']=$id;
header("Location: server.php");
?>
server.php: contains the validation for registration and logging-in. Also, links to the DB. I will be skipping the validation parts.
<?php
session_start();
$email=$_SESSION['email'];
// initializing variables
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
//...validation code
//once no errors, register user
if (count($errors) == 0) {
$password = md5($password);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password, name, surname)
VALUES('$username', '$email', '$password', '$name', '$surname')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}
}
// LOGIN USER
$msg = '';
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND
password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
session_start();
$_SESSION['email']=$row['email'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['id']= $id;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}else {
echo $msg;
}
}
}
auth.php
<?php
session_start();
if(!isset($_SESSION["username"])){
echo $errors; }
?>
For any additional information you might need, please feel free to ask anything.
I am genuinely sorry for the block of text and code.

$_POST [] array is empty after submission

So $_POST['acc'], and $_POST['psw'] can't get data from the form for some reason, they are empty all the time.
html:
<div id="signUp_UI">
<form id="su_form" action="<?php echo url_for('/sign_up.php')?>" method="post" enctype="multipart/form-data">
YYQ<br><br>
Account Name<br>
<input type="text" placeholder="Account Name" id="an" name="acc">
<br><br>
Passward<br>
<input type="password" placeholder="Password" id="password" name="psw">
<br><br>
<input type="button" name="goback" value="Go Back" id="gb_button">
<input type="submit" value="Sign Up" id="su_button2">
</form>
</div>
php:
$an = isset($_POST['acc']) ? $_POST['acc'] : '';
$psw = isset($_POST['psw']) ? $_POST['psw'] : '';
$sql = "INSERT INTO log_in (account, password) VALUES ('". $an . "'," . "'" . $psw . "')";
$result = mysqli_query($db, $sql);
if($result){
$new_id = mysqli_insert_id($db);
redirect_to(url_for('/home.php?id=') . $new_id);
}
else{
echo mysqli_error($db);
db_disconnect($db);
exit();
}
Update:
So if I change php code to:
if(is_post_request()){
$an = isset($_POST['acc']) ? $_POST['acc'] : '';
$psw = isset($_POST['psw']) ? $_POST['psw'] : '';
$sql = "INSERT INTO log_in (account, password) VALUES ('". h($an) . "'," . "'" . h($psw) . "');";
$result = mysqli_query($db, $sql);
if($result){
echo '$an = ' . $an .'<br>';
echo '$psw = ' . $psw;
}
else{
echo mysqli_error($db);
db_disconnect($db);
exit();
}
then I got the result:
$an =
$psw =
UPDATE:
So I tried to detect isset($_POST['submit']) in the PHP file; the result is that $_POST['submit'] does not exist.
So it's like after I've submitted the form, it isn't being sent to the PHP file for some reason.
UPDATE 3.0:
So if I change the method to GET, everything works fine! I don't know why that is.
html:
<div id="signUp_UI">
<form id="su_form" action="<?php echo url_for('/sign_up.php'); ?>" method="get">
YYQ GameStation<br><br>
Account Name<br>
<input type="text" placeholder="Account Name" id="an" name="account">
<br><br>
Password<br>
<input type="password" placeholder="Password" id="password" name="password">
<br><br>
<input type="button" name="goback" value="Go Back" id="gb_button">
<input type="submit" name = "submit" value="Sign Up" id="su_button2">
</form>
</div>
php:
if(isset($_GET['submit']) && !empty($_GET['submit'])){
$an = isset($_GET['account'])?$_GET['account']:'';
$psw = isset($_GET['password'])?$_GET['password']:'';
$sql = "INSERT INTO log_in (account, password) VALUES ('". h($an) . "'," . "'" . h($psw) . "');";
$result = mysqli_query($db, $sql);
if($result){
redirect_to(url_for('/home.php'));
}
else{
echo mysqli_error($db);
db_disconnect($db);
exit();
}
Alright, according to sources I've found, it seems that there is something wrong with the PhpStorm built-in server. The POST method somehow just doesn't work.
Reference ~ https://intellij-support.jetbrains.com/hc/en-us/community/posts/206999125-PhPStorm-10-does-not-allow-POST-method
Why do you need to do this?
<form id="su_form" action="<?php echo url_for('/sign_up.php')?>" method="post" enctype="multipart/form-data">
Can you try to replace this
from:
action="<?php echo url_for('/sign_up.php')?>"
to:
action="sign_up.php"

Form won't submit to handler in different part of website

Alright so, I've been racking my brain, searching the web and I just can't find an answer.
I have my form, pretty easy etc.
<form id="loginForm" method="post" autocomplete="on" action="sign/in">
<fieldset id="body">
<fieldset>
<input name="email" type="text" placeholder="User Name / Email" id="email" autocomplete="email" required>
</fieldset>
<fieldset>
<input name="password" type="password" placeholder="Password" id="password" autocomplete="password" required>
</fieldset>
<input type="submit" id="login" data-url="sign/in" value="Log In">
</fieldset>
<span>Forgot your password?</span>
</form>
However, when it submits, the Variable $_POST["email"] doesn't get submitted (and $_POST["password"] too..) Anyone have any idea why this is?
It works fine when I send it via GET method.
But for obvious reasons I'm not doing that.
Any help would be appreciated!
==EDIT==
Here is the PHP code. Keep in mind, it's just temp code so it's messy.
<?php
session_start();
include("config.php");
if(!isset($_POST['email']))
{
echo "File Not Found";
}
else
{
$u = mysql_real_escape_string($_POST["email"]);
$p = hash(whirlpool, mysql_real_escape_string($_POST['password']));
$q = mysql_query("SELECT uid FROM users WHERE email='$u' AND password='$p' LIMIT 1");
//if ($num_rows == 1)
if (mysql_fetch_array($q, MYSQL_ASSOC))
{
setcookie('email', $_POST['email'], time() + 2147483647, "/");
setcookie('password', hash(whirlpool, $_POST['password']), time() + 2147483647, "/");
$_SESSION['logged'] = 1;
$qSessions = mysql_query("SELECT * FROM users WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
$iSessions = mysql_fetch_row($qSessions);
$_SESSION['uid'] = $iSessions[0];
mysql_query("UPDATE users SET lastip='".$_SERVER['REMOTE_ADDR']."' WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
mysql_query("UPDATE users SET status=1 WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
setcookie('status', $_SESSION['status'], time() + 2147483647);
header("location:index.php");
}
else
{
echo "Sorry, there is no registered account with that email or the password is incorrect. Please login again.<br />";
echo "<a href='index.php'>Home</a>";
}
}
?>

else part of if statement always being run when if (mysql_num_rows($result) > 0) {

I have created a login form but cannot get it to work.
My select statement is correct (works on the database) and the echo from $query resolves the following (for example)
SELECT * FROM users WHERE email = 'test#test.com' AND password = password
However, the if statement underneath always processes the following code:
else
{
echo "Your login is invalid";
echo $_POST['username'];
}
The full code is below
<?php
require_once __DIR__ . ('/../config/init.php');
?>
<!DOCTYPE html>
<html>
<head>
<?php
include INCLUDES . 'head_tags.php';
?>
</head>
<body>
<div class='container'>
<?php
include INCLUDES . 'header.php';
include INCLUDES . 'nav.php';
?>
<div class='two-thirds column'>
<h2>Login</h2>
<form action='#' method='post'>
<div>
<label for="username">Username (E-email address):</label>
<input type='text' id="username" name='username' placeholder='Username' autocomplete='on' required>
<label for="password">Password:</label>
<input type='password' id='password' name='password' placeholder='Password' autocomplete='on' required>
</div>
<div>
<?php
if($_POST){
$connection = mysql_connect($db['hostname'], $db['username'], $db['password']) or die(mysql_error());
mysql_select_db($db['database'], $connection) or die(mysql_error());
/*Echo's to check correct data is being used
echo $_POST['username'];
echo $_POST['password'];*/
$email = mysql_real_escape_string($_POST['username']);
$query = "SELECT * FROM users WHERE email = '$email' AND password = ".$_POST['password']."";
echo $query;
$result = mysql_query($query) or die('Query failed: ' . mysql_error() . "<br />\n$query");
if (mysql_num_rows($result) > 0) {
echo "You have successfully logged on";
}
else
{
echo "Your login is invalid";
echo $_POST['username'];
}
}
?>
</div>
<input type='submit' value='submit'>
</form>
</div>
</div>
<?php
include INCLUDES . 'footer.php';
?>
Thanks
Missing quotes at password.
$query = "SELECT * FROM users WHERE email = '" . $email . "' AND password = '" . $_POST['password'] . "'";
Real_escape_string() has to be used on the password too and, of course, you have to hash passwords; right now your query is not protected from SQL injection.
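
The point raised in the answer above (quoting, escaping and hashing in the login query), as an added example that is not part of the original posts: a credential check with a bound parameter and password_hash()/password_verify(). The users schema, the password_hash column name and the sample account are constructed for the demo, and PDO with SQLite stands in for the asker's MySQL connection.

```php
<?php
declare(strict_types=1);

// Returns the user row (hash removed) on success, null on any failure.
function authenticate(PDO $pdo, string $email, string $password): ?array
{
    // The placeholder sends the value separately from the SQL text, so a
    // missing or extra quote in the input cannot change the query.
    $stmt = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when no account matches, so both
    // outcomes do the same amount of hashing work.
    static $dummy = null;
    $dummy ??= password_hash('no-such-account', PASSWORD_DEFAULT);
    $hash = $row ? $row['password_hash'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
// Registration stores a salted password_hash() value, never md5() or plain text.
$insert->execute(['test@example.com', password_hash('s3cret-Passphrase', PASSWORD_DEFAULT)]);

var_dump(authenticate($pdo, 'test@example.com', 's3cret-Passphrase')); // matching credentials
var_dump(authenticate($pdo, 'test@example.com', 'wrong-password'));    // wrong password
var_dump(authenticate($pdo, "o'brien@example.com", 'anything'));       // quote in input, no such user
```

Because the password is verified in PHP against the stored hash, it never appears in the WHERE clause at all.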

Passing variables through 3 pages

I've spent a lot of time looking for something that could help me doing this:
I have 3 pages, one called login.php, another called trataLogin.php and another called index.php.
The login and trataLogin pages are working perfectly, but when I try to call a variable in index.php from login I can't do it. I don't know what else to do.
This is my login.php
<?php
require_once('connection/dbconnection.php');
session_start();
?>
...
<form name="form" action="trataLogin.php" method="post">
<input type="text" name="username" placeholder="username" /><br/>
<input type="password" name="password" placeholder="password" /><br/>
<br/>
<br/>
<input type="submit" value="login" />
</form>
trataLogin.php
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
$username = $_POST['username'];
$password = sha1($_POST['password']);
$query = "SELECT * FROM utilizadores WHERE username = '" . $username . "' AND password = '" . $password . "'";
$admin='';
$result = $conn->query($query);
if ($result->num_rows > 0) {
$_SESSION['verifica_login'];
$row = $result->fetch_assoc();
if ($row['admin'] == 1) {
$admin = true;
header('Location:admin.php');
} elseif($row['admin'] == 0){
$admin = false;
header('Location:index.php');
} else {
$_SESSION['verifica_login']="Username ou password incorretos";
}}
?>
and in index.php I have this
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
?>
and somewhere below in index.php I have something that was supposed to print the username of the person who logged in
<?php echo $_SESSION['username']; ?>
You're overwriting your $_SESSION in index.php:
Remove that part
$_SESSION['dadoslogin']=$_POST;
And echo your variable like this:
echo $_SESSION['dadoslogin']['username'];
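
The session hand-off discussed in this answer, and in the first answer on this page that sets $_SESSION['logged_user'], as an added example that is not part of the original posts. The function names, the 'user' session key and the id column are assumptions made for the illustration; the file names are the ones from the question.

```php
<?php
declare(strict_types=1);

// Starts the session once, with a cookie that scripts cannot read.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Add 'secure' => true as well when the site is served over HTTPS.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

// Call once, right after the credentials have been verified.
function establish_login(int $userId, string $username): void
{
    start_secure_session();
    // Issue a fresh session id at login so an id handed out earlier is useless.
    session_regenerate_id(true);
    // Store only what later pages need. Copying $_POST into the session
    // would also keep the submitted plain-text password on the server.
    $_SESSION['user'] = ['id' => $userId, 'username' => $username];
}

// Call at the top of every protected page, before any output.
function require_login(string $loginUrl = 'login.php'): array
{
    start_secure_session();
    if (!isset($_SESSION['user']['id'], $_SESSION['user']['username'])) {
        header('Location: ' . $loginUrl);
        exit; // without this the rest of the protected page still runs
    }
    return $_SESSION['user'];
}

// trataLogin.php, after the credential check succeeded
// ($row['id'] is an assumed column):
//     establish_login((int) $row['id'], $row['username']);
//     header('Location: index.php');
//     exit;
//
// index.php, which must not assign to $_SESSION from $_POST:
//     $user = require_login();
//     echo htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
```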
