$data=mysqli_fetch_array($result) not working - php

I was trying to make a login page in php connected with database of mysql.. below is the html code of the page for login where values are entered and then directed to a second page of php where they are checked..
<html>
<head>
<title>Library Login</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<form class="box login" method="GET" action="http://localhost/redirect.php">
<label align="center"><font size="6" color="grey">Library System</font></label>
<fieldset class="boxBody">
<label>Username</label>
<input type="text" placeholder="Username" required name="username">
<label><a href="#" class="rLink" tabindex="5" ></a>Password</label>
<input type="password" placeholder="Password" required name="password">
<input type="submit" class="btnLogin" value="Login" name="login">
<input type="reset" class="btnLogin" value="Reset" name="reset" >
<label>
</form>
</html>
</div>
And below is the code for second page where only else condition is executed whatever entry is input... I am new to Php and Mysql... Please help me out...
<?php
$con=mysqli_connect("localhost","root","","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid=$_GET['username'];
$pass=$_GET['password'];
$sql="SELECT *FROM login";
$result=mysqli_query($con,$sql);
while($data=mysqli_fetch_array($result))
{
if($uid==$data['user'] and $pass==$data['pass'])
{
header('location:http://localhost/error/index.html');
}
else
{
header('location:http://localhost/mam.html');
}
}
mysqli_close($con);
?>


OK, as you are dealing with authentication, let's improve your code a little.
<?php
// Do not connect using root, especially when not setting a password:
$con=mysqli_connect("localhost","projectuser","password","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid = $_GET['username'];
$pass = $_GET['password'];
// This is the main problem, there was a typo:
$sql = "SELECT * FROM login";
// Directly ask the DB if the credentials are correct.
// Then you do not need the loop below.
// BUT: Do not forget to escape the data in this case!
$sql .= " WHERE uid = '" . mysqli_real_escape_string($uid) . "' AND pass = '" . mysqli_real_escape_string($pass) . "'";
$result=mysqli_query($con,$sql);
if ($result->num_rows === 1) {
header('location:http://localhost/mam.html');
} else {
header('location:http://localhost/error/index.html');
}
mysqli_close($con);
?>
A further improvement would be to hash (and salt) the password in the database.
Also, as VMai pointed out, the use of prepared statements would be appropriate.

Related

After login can redirect when on localhost, but can't redirect when already deployed

I can't redirect to index.php page after login.
This happens on the website that I have deployed, but it doesn't happen on localhost (Can redirect to index.php).
I deploy website to Microsoft Azure and deploy database to freemysqlhosting.net(free).
I have tried the solutions here and here, but still can't redirect.
And here's the code login.php:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Variant'C - Your Covid Solutions</title>
<link rel="icon" href="../images/logo.ico" type="image/x-icon">
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<?php
require('db.php');
session_start();
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con, $password);
// Check user is exist in the database
$query = "SELECT * FROM `users` WHERE username='$username'
AND password='" . md5($password) . "'";
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['username'] = $username;
// Redirect to user dashboard page
header("Location: index.php");
} else {
echo "<div class='form'>
<h3>Incorrect Username/password.</h3><br/>
<p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
</div>";
}
} else {
?>
<form class="form" method="post" name="login">
<h1 class="login-title">Login</h1>
<input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
<input type="password" class="login-input" name="password" placeholder="Password"/>
<input type="submit" value="Login" name="submit" class="login-button"/>
<p class="link">New Registration</p>
</form>
<?php
}
?>
</body>
</html>
What's wrong? Is it the code or is it from the deployment?
Thank you in advance :)

Login with php and html

I am making a login page using html and php, i did a simple one which was working fine using these code :
HTML
Login Form
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login">
<div class="login-triangle"></div>
<h2 class="login-header">Login</h2>
<form class="login-container" method="post" action="Login.php">
<p><input type="text" id="username" name="username" placeholder="Username"></p>
<p><input type="password" id="password" name="password" placeholder="Password"></p>
<p><input type="submit" value="Login"></p>
</form>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
</body>
</html>
PHP
<?php
include ("dbconfig.php");
session_start();
$name = mysqli_real_escape_string($dbconfig, $_POST['username']); //to clean up, to avoid sql injection
//$name = md5($name);
$pw = mysqli_real_escape_string($dbconfig, $_POST['password']);
// $pw = md5($pw);
$sql_query="SELECT userid FROM user WHERE username='$name' AND password='$pw'";
$result = mysqli_query($dbconfig, $sql_query);
$row = mysqli_Fetch_array ($result, MYSQLI_ASSOC);
$count = mysqli_num_rows ($result);
if ($count >0){
$_SESSION['Login'] = $name;
header ("location:Welcome.php");
}
if($count == 1)
{
echo "wrong login details";
}
?>
But when i try to do the login with a new html file using the same php file it wont work at all, it keep saying "wrong login details" even though i am putting the right login in.
Here is the new html, i am thinking maybe it has to do with the additional classes which was added.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Kate's World Sign In</title>
<!-- Google Fonts -->
<link href='https://fonts.googleapis.com/css? family=Roboto+Slab:400,100,300,700|Lato:400,100,300,700,900' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="css/animate.css">
<!-- Custom Stylesheet -->
<link rel="stylesheet" href="css/style.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"> </script>
</head>
<body>
<Form method="post" action="Login.php">
<div class="container">
<div class="top">
<h1 id="title" class="hidden"><span id="logo">Log <span>In</span></span></h1>
</div>
<div class="login-box animated fadeInUp">
<div class="box-header">
<h2>Log In</h2>
</div>
<label for="username">Username</label>
<br/>
<input type="text" id="username" name="username" >
<br/>
<label for="password">Password</label>
<br/>
<input type="password" id="password" name="password">
<br/>
<button type="submit">Sign In</button>
<br/>
</div>
</div>
</Form>
</body>
<script>
$(document).ready(function () {
$('#logo').addClass('animated fadeInDown');
$("input:text:visible:first").focus();
});
$('#username').focus(function() {
$('label[for="username"]').addClass('selected');
});
$('#username').blur(function() {
$('label[for="username"]').removeClass('selected');
});
$('#password').focus(function() {
$('label[for="password"]').addClass('selected');
});
$('#password').blur(function() {
$('label[for="password"]').removeClass('selected');
});
</script>
</html>

No, the additional classes should not effect your PHP code.
To solve the problem, you need to see what you are receiving on the PHP side. Stick in a few tests - echo out some data. First, at the very beginning. Then, when you know for sure what is comign through, move your tests down the file a bit. Work out all the bugs, then remove all the tests.
For example, start by modifying your PHP like this:
<?php
session_start();
include ("dbconfig.php");
$name = mysqli_real_escape_string($dbconfig, $_POST['username']); //to clean up, to avoid sql injection
echo 'Name: ' . $name. '<br>';
$pw = mysqli_real_escape_string($dbconfig, $_POST['password']);
echo 'Password: ' . $pw. '<br>';
die();
Then, move down the file a bit and do this:
$sql_query="SELECT userid FROM user WHERE username='$name' AND password='$pw'";
$result = mysqli_query($dbconfig, $sql_query);
$row = mysqli_Fetch_array ($result, MYSQLI_ASSOC);
$count = mysqli_num_rows ($result);
echo 'Rows found: ' .$count. '<br>';
if ($count >0){
echo 'Inside count > 0<br>';
$_SESSION['Login'] = $name;
header ("location:Welcome.php");
}else{
echo 'Inside count ELSE<br>';
echo "wrong login details";
}
Notes:
PHP header() method will not work if other header messages have been sent. Alternative: echo '<meta http-equiv="refresh" content="0; url=http://new.example.com/address" />';
Note McKenzma's observations about your if ($count >0){ code: both IF statements will be true if $count==1.
Note that session_start() should be the very first instruction in your PHP file. See my example code above

You should have used if and else, not if and if.
<?php
$count = mysqli_num_rows ($result);
if ($count >0){
$_SESSION['Login'] = $name;
header ("location:Welcome.php");
} else {
echo "wrong login details";
}
?>

Your 2nd conditional should be "$count != 1". You want to return exactly one row for a successful login.

Login System not fully working - Wrong string outputs

So I have a Login and a Create account form. The create account system works perfectly, sending all the information to mySQL database.
Now, I have written a 'login_user.php' script, which connects to the database, fetches the values of a registered user, and outputs the correct message according to correct or incorrect user input. It looks like the operation runs through the whole code and outputs the last message 'Invalid username or password' every single time, even when there is no input, or wrong username/passwords entered. Below I will provide all of my login form php code. Can you spot any mistakes? Please let me know if you would like a reference to a specific part of the html code.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
$query = mysql_query("SELECT * FROM Client_Information WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows != 0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername){
if($password==$dbpassword){
echo "You are logged in.";
}else{
echo "Invalid password.";
}
}else{
echo "Invalid username.";
}
}else{
echo "This name does not exist.";
}
}else{
echo "Invalid username or password.";
}
?>
HTML CODE:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="chrome=1,IE=edge" />
<title>LOGIN</title>
<link href='http://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
</head>
<body>
<div class="logo"></div>
<div class="login-block">
<h1>Log In</h1>
<form action="login_check.php" method="post">
<input type="text" value="" placeholder="Username" id="username" name="username" />
<input type="password" value="" placeholder="Password" id="password" name="password" />
<button>Log In</button>
Sign Up for New Account?
</form>
</div>
</div>
</body>
</html>

When using $_POST for PHP, you have to reference the input's name attribute, not its id attribute.
<input type="text" value="" placeholder="Username" id="name" name="name" />
<input type="password" value="" placeholder="Password" id="password" name="password" />

php login button that redirects [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I am a real beginner and I made a simple login.php but I want to know how to make the login button redirect to another page. The script I have is:
<php
//Start the Session
session_start();
require('connect.php');
//3. If the form is submitted or not.
//3.1 If the form is submitted
if (isset($_POST['username']) and isset($_POST['password'])) {
//3.1.1 Assigning posted values to variables.
$username = $_POST['username'];
$password = $_POST['password'];
//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
if ($count == 1) {
$_SESSION['username'] = $username;
} else {
//3.1.3 If the login credentials doesn't match, he will be shown with an error message.
echo "Invalid Login Credentials.";
}
}
//3.1.4 if the user is logged in Greets the user with message
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "Hello " . $username . "
";
echo "This is the Members Area
";
?>
<!DOCTYPE html>
<head>
<title>Test Login</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<!-- Form for logging in the users -->
<div class="register-form">
<php
if(isset($msg) & !empty($msg)){
echo $msg;
}
?>
<h1>Login</h1>
<form action="" method="POST">
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="register.php">Signup</a>
<input class="btn register" type="submit" name="submit" value="Login" />
</form>
</div>
<php } ?>
and the page I want it to redirect to is in a called site/form.html located in the parent directory.
Thanks for any and all input!

Just put
header('Location: http:// URL to the Page You Want /');
In where your successful login code is.

Welcome to StackOverflow. If the user doesn't have an account, you would like the button to direct them to a signup page. Right? You could use a javascript onclick event like so.
<button class="btn" type="button" onclick=window.parent.location.href='register.php' target='_parent'>Sign Up!</button>

your old code has quite a few errors. This one fixes most of them, and redirects to form.html.
BTW, the line you want is <form action="form.html" method="POST">
Ok full code:
<?php //Start the Session
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}
else{
echo "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hello " . $username;
echo "This is the Members Area";
?>
<!DOCTYPE html>
<head>
<title>Test Login</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<!-- Form for logging in the users -->
<div class="register-form">
<?php
if(isset($msg)){
echo $msg;
}
?>
<h1>Login</h1>
<form action="form.html" method="POST">
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="register.php">Signup</a>
<input class="btn register" type="submit" name="submit" value="Login" />
</form>
</div>
<?php } ?>

Log in page form returning empty string to php script

I am creating and application with PHP and MySQL.
I have created two pages. Index.php and login.php (which holds the script for the user log in)
Every time I enter a user that is on the database to log in, it does return that there was no text entered.
I am new at this and I will really appreciate some help.
Here is my code.
Thanks in advance
index.php
<html>
<head>
<meta charset="UTF-8">
<title>Pet Service Catalogue</title>
</head>
<body>
<h1 style="text-align:center;"><img src="cat's paw.jpg" width="150" height="150" alt="cat's paw"/> Welcome to Pet Service Catalogue</h1>
<p style="text-align:center;">Please enter your Log in Details:</p>
<form style ="text-align:center;" name="LogIN" action="log_in.php" method="POST" enctype="multipart/form-data">
<p style="text-align:center;"> Email: <input type="text" name="user_email" value=""/></p>
<p style="text-align:center;"> Password: <input type="password" name="user_password" value="" /></p>
<input type="submit" value="Log In" name="LogIN" />
</form>
<form style="text-align:center;" name="registerprovider" action="registerprovider.php">
<p style="text-align:center;">Not Registered?:</p>
<input type="submit" value="Register Service Provider" name="Register Service Provider" />
</form>
<form style="text-align:center;" name="registerowner" action="registerowner.php">
<input type="submit" value="Register Pet Owner" name="Registerownerbutton" />
</form>
</body>
</html>
login.php
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
// Create connection
$con = mysqli_connect('localhost', 'root', 'root', 'PetServiceCatalogue') or die("Failed to connect to database:" . mysqli_error($con));
//Get user details and put them on varaiables
$user_email = mysqli_real_escape_string($_POST['user_email']);
$user_password = mysqli_real_escape_string($POST['user_password']);
if (!empty($user_email) && !empty($user_password))
{
//look up for user details on the database
$query = "SELECT * FROM owner, provider WHERE email = '$user_email' AND password = SHA('$user_password') ";
$data = mysqli_query($con, $query);
$result = mysqli_num_rows($data);
printf("Number of rows %d \n", $result);
if ($result == 1) {
//The log in has found the user
$row = mysqli_fetch_array($data);
$user_email = $row('email');
$user_password = $row('password');
header("location: ownerhomepage.php");
} else {
//the user name or password are incorrect
echo "Wrong user email and password";
}
}
else
{
echo ' You must enter the user email and user password';
?>
<form name="back to index" action="index.php">
<input type="submit" value="Back to Log in page" name="Back to Log in page" /> </form>
<?php
}
mysqli_close($con);
?>
</body>
</html>

You have the action: action="log_in.php"but you've written its name is login.php
EDIT
Maybe you should try this as the first if statement:
if (trim($user_email)!="" && $user_password!=""){
//YOUR CODE
}

Categories