I have a login section in my main page I called this section as a seperated part it contains the following code :
<?php
if($_POST['submit'])
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password);
$users = $GLOBALS['db']->query("SELECT * FROM users WHERE email='$email' AND password='$password'") or $GLOBALS['db']->raise_error(); // Leaving 'raise_error()' blank will create an error message with the SQL
$users_number = $GLOBALS['db']->num_rows($users);
if(!empty($users_number))
{
while($users_sql = $GLOBALS['db']->fetch_array($users))
{
$is_banned = $users_sql['is_banned'];
// To check blocked users
if($is_banned == 1)
{
$_SESSION['login_error_msg'] = "this users is blocked.";
header('Location:./');
}
else
{
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
header('Location:./');
}
}
}
else
{
$_SESSION['login_error_msg'] = "Wrong username or password";
header('Location:./');
}
}
else
{
?>
<table class="fast_login_container">
<tr>
<td>
<form name="login_form" action="./" method="post">
<table class="fast_login" border="0">
<tr>
<colspan="3">
<?php
if($_SESSION['login_error_msg'])
{
echo $_SESSION['login_error_msg'];
}
?>
</td>
</tr>
<tr>
<td>
<input name="email" type="email" placeholder="Kullanıcı adı" />
</td>
<td>
<input name="password" type="password" placeholder="Parola"/>
</td>
<td >
<input name="submit" type="submit" value="Giriş"/>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
}
?>
This code create the login form and when the user enters the email and password I check them in the same page in the php part.
My problem If I have a wrong email or password I should show an error message for that I save the error message in a session variable and call it in the html part after redirecting to the main page(where the login form is).
I can not show the error message. I print the session array befor the header('location:./') and after it ; befor it prints the error message after it does not print any thing.
PS: the session_start() is in the header file which I include it as following :
<?php
session_start();
?>
<body>
<table class="body_table" border="1">
<tr><td><?php include_once("include-parts/header_parts.php")?></td></tr>
The login part is in header_parts.php .
what should I edit here to get the error messages???
The problem is php unables to set session just before redirect to other page. You should use session_write_close() before each header("") function. e.g.
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
session_write_close();
header('Location:./');
Related
<?php
session_start();
include_once 'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header("Location: home.php");
}
if (isset($_POST['btn-login'])) {
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res = mysql_query("SELECT * FROM telecomt_user WHERE email='$email'");
$row = mysql_fetch_array($res);
if ($row['password'] == md5($upass)) {
$_SESSION['user'] = $row['user_id'];
header("Location: home.php");
} else {
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
This is my code for fetching data from database to let the user to log in by email and password. My table name is "telecomt_user".
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td><input type="text" name="email" placeholder="Your Email" required /> </td>
</tr>
<tr>
<td><input type="password" name="pass" placeholder="Your Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="btn-login">Sign In</button></td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
And this my html form code. The code works fine in localhost but when I uploaded it to my server it does not work. It always executes this line:
<script>alert('wrong details');</script>
Is it problem in my database? But I am using the same name and pattern what I used in my localhost and also my sign up form works with the same database. My "dbconnect.php" file is also okay. What is the problem?
instead of $row['password'] , can you try to type the column of the password in the string, for example $row[0] (if password column is the first column).
I think you have to put break point in each condition like
if(your condition){
echo "something";exit;
}else{
echo "nothing";exit;
}
Better to do checking on query only email and password
$res=mysql_query("SELECT * FROM telecomt_user WHERE email='$email' AND password='md5($upass)'");
$row=mysql_fetch_array($res);
Now condition login or not
if(count($row)>=1){
//login
}else{
// credentials wrong message
}
i am new in php and i m creating a login system in my website every thing is working fine but 2 error are appearing in top of my website in every page,
Undefined index: email in C:\Apache24\htdocs\checkup.php on line 10
i have checked my mysql schema and coding but unable to find error please suggest me something to solve this error.
This is checkup.php page codding
<?php
include('dbconn.php');
if(!isset($_SESSION))
{
session_start();
}
$user_check= $_SESSION['email'];
$sql = mysqli_query($db,"SELECT fullname, email FROM register WHERE email='$user_check' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user = $row['email'];
$msguser = $row['fullname'];
?>
and this is login.php & loginconn.php page
<html>
<head>
<title>online shopping</title>
<?php
include 'header.php';
include 'dbconn.php';
include 'loginconn.php';
if ((isset($_SESSION['email']) != ''))
{
header('Location: index.php');
}
?>
<body>
<br>
<fieldset class="login_div">
<legend>User Login</legend>
<form method="POST" action="" >
<table border="0" cellspacing="10" >
<tr>
<td><?php echo $error; ?></td>
</tr>
<tr>
<td width="279"><center> <label>Email:</label></td>
<td width="385"><input type="text" id="email" name="email" placeholder="email"></td>
</tr>
<tr>
<td><center> <label>Password:</label></td>
<td><input type="password" name="password" placeholder="password"/></td>
</tr>
<tr>
<td colspan="2"><input class="loginbtn" type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
</fieldset>
</body>
</html>
<?php
include("dbconn.php");
$error = "";
if(isset($_POST["submit"]))
{
if(empty($_POST["email"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
$email=$_POST['email'];
$password=$_POST['password'];
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysqli_real_escape_string($db,$email);
$password = mysqli_real_escape_string($db,$password);
$password = md5($password);
$sql="SELECT id FROM register WHERE email='$_POST[$email]' and password='$_POST[$password]'";
$result= mysqli_query($db,$sql);
$row= mysqli_fetch_array($result, MYSQLI_ASSOC);
if( mysqli_num_rows($result) == 1)
{
$_SESSION['email'] = $email;
header("location: index.php");
}
else
{
$error = "Incorrect username or password.";
}
}
}
?>
you missed session_start() function call in file loginconn.php. Add the same code as in checkup.php:
if(!isset($_SESSION))
{
session_start();
}
How do you call checkup.php php page ?
Add the action: <form method="POST" action="checkup.php" > on your login page.
And test before any other test that the form has been submitted :
if(isset($_POST["submit"])) { // other tests }
More important, you've forgotten the session_start at the beginning of the page :
session_start();
This will maintain the session and the variables of it.
I have the following PHP script for login. When I type valid credentials then it does not redirects to index.php. It simply reloads the page But when I type wrong credentials it gives me message which is OK.
My PHP code is as follows:
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$sel_user = "SELECT * FROM `we_admins` WHERE admin_username = '$username' AND admin_password = '$password'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
while($row = $run_user->fetch_assoc()) {
$_SESSION['admin_id'] = $row['admin_id'];
$_SESSION['admin_id'];
}
if($check_user>0){
$_SESSION["admin_username"]=$username;
header('location: index.php');
}
else {
echo "<script>alert('Username or password is not correct, try again!')</script>";
}
}
I have a function for those users which are not logged in and it is seems to be fine also(I think), which I have called on every page of the project.
PHP code to check logged in as follows:
function is_logged_in() {
global $con;
if(!isset($_SESSION['admin_username'])){
header('Location: login.php');
}
}
I think, luthando-loot is right. The Location is case-sensitive.
Try to replace: header('location: dashboard/index.php');
with: header('Location: dashboard/index.php');
And, for better comprehension, use absolute path, like explained in this document.
Else, it could be that something is already sent to the user, so you cannot modify the header anymore.
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
(from the PHP header function page)
And after a header('Location: ...');, you have to use the exit; function.
header("Location: http://www.example.com/"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
The condition for the redirect is looking for a different $_SESSION variable (admin_username not client_username) - so the conditional redirect is triggering when you try to redirect on successful login.
Change the if statement in your redirect to
if(!isset($_SESSION['client_username'])){
In function is_logged_in , you are checking
$_SESSION['admin_username'],
but in login page you have
$_SESSION["client_username"]=$username
maybe problem is there
Make sure you put session_start(); at top of each script
and in the login script put:
if(isset($_SESSION['admin_username'])){
header("location: index.php");
}
There was some extra sessions assignments. And the while loop was useless.
Reshaped the code.
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$sel_user = "SELECT * FROM `we_admins` WHERE admin_username = '$username' AND admin_password = '$password'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user<0){
echo "<script>alert('Username or password is not correct, try again!')</script>";
exit;
}else{
$row = $run_user->fetch_assoc();
$_SESSION["admin_id"] = $row['admin_id'];
$_SESSION["admin_username"] = $row['admin_username'];
header('location: ./index.php');
exit;
}
}
I check this code it works fine.
session_start();
include('conn.php');
if(isset($_POST['submit']))
{
$email = $_POST["email"];
$password=$_POST["password"];
if (empty($password)) {
$error['password'] = "Password number is required";
}
if (empty($email)) {
$error['email'] = "Email is required";
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error['email'] = "Invalid email format";
}
}
if(!$error)
{
$sql="SELECT * FROM users WHERE email='$email' and password='$password'";
//echo $sql;
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$count=mysql_num_rows($result);
if($count==1)
{
$_SESSION['user_id']=$row['user_id'];
$_SESSION['login_user']=$email;
$_SESSION['img']=$row['pro_img'];
$_SESSION['name']=$row['name'];
header("location: view_topic.php");
}
else
{
$error['page']="Your Login Name or Password is invalid";
}
} }
?>
<link rel="stylesheet" type="text/css" href="jquery.tablescroll.css"/>
<body style="background-color:#E0FFFF">
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form1" name="form1" method="POST" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="5" bgcolor="#FFFFFF">
<tr>
<td colspan="3" bgcolor="#E6E6E6"><strong>Login</strong> </td>
</tr>
<tr><span class="error"> <?php echo $error['page'];?></span></tr>
<tr>
<td width="14%"><strong>Username:</strong></td>
<td width="2%">:</td>
<td width="84%"><input type="text" name="email" /> <span class="error">* <?php echo $error['email'];?></span></td>
</tr>
<tr>
<td valign="top"><strong>password</strong></td>
<td valign="top">:</td>
<td width="84%"><input type="password" name="password" /> <span class="error">* <?php echo $error['password'];?></span></td>
</tr>
<td> </td>
<td> </td>
<td><input type="submit" value="Login" name="submit" /> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
I am new to PHP code and here I want to display an error message in login.php if the user entered incorrect userid or password.below I have written two-page code. login.php page submits the username and password to the check.php page. if username and password are correct then it redirects to the xyz.php else to the login page.
login.php //login page
<form name="login" enctype="multipart/form-data" action="checkpage.php" method="post">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<th>Username</th>
<td><input type="text" name="username" value="sandeep" onfocus="this.value=''" class="login-inp" /></td>
</tr>
<tr>
<th>Password</th>
<td><input type="password" name="password" class="login-inp" /></td>
</tr>
<tr>
<th></th>
<td valign="top"><input type="checkbox" class="checkbox-size" id="login-check" /><label for="login-check">Remember me</label></td>
</tr>
<tr>
<th></th>
<td><input type="submit" class="submit-login" /></td>
</tr>
<tr><th></th><td>w want to display error message here..</td></tr>
</table></form>
checkpage.php //connection page
<?php
session_start();
//connecting to db
$username=$_POST['username'];
$pwd=$_POST['password'];
$q="select *from xyz where username='$username' AND password='$pwd'";
$qry=mysql_query($q);
if(mysql_num_rows($qry)>0)
{
$_SESSION['username']=$username;
echo "<script>window.open('xyz.php','_self')</script>";
}
else{
header("location:login.php");
}
?>
the above code work fine but i want to display the error message how could i display the error message. please guide me.
You can set the message to session in your check.php script and then unset immediately after getting it for display (AKA "read once"):
$_SESSION['message'] = 'Your message';
and then (in login.php, where you want the message to be displayed):
if (isset($_SESSION['message']))
{
echo $_SESSION['message'];
unset($_SESSION['message']);
}
Give a space between * and from in query.
$q="select * from xyz where username='$username' AND password='$pwd'";
For error message you can set a flag like error= 1
header("location:login.php?error=1");
and in login.php you can check this flag and display a message like
<?php If(isset($_GET['error']) && $_GET['error'] == 1){ ?>
<h3>Invalid username or password</h3>
<?php } ?>
You can set a session of error and display it in login.php and unset it after displaying.
but donot forget to use session_start in both pages
session_start(); //on top of page
before header code add $_SESSION['error'] = "you message here"
in login.php
<?php if(isset($_SESSION['error'])) {
echo $_SESSION['error'];
}
?>
else {
echo 'invalid username or password';
header("location:login.php");
}
if ($result->num_rows > 0)
{
$result = $result->fetch_assoc();
$_SESSION['id_admin'] = $result['id_admin'];
$_SESSION['email'] = $result['email'];
$_SESSION['name'] = $result['name'];
$_SESSION['surname'] = $result['surname'];
$_SESSION['pass'] = $result['pass'];
header('Location: http://localhost/admin/dashboard.php');
exit();
}
else
{
echo '<div class="alert alert-danger">
Close X
<p><strong>Alerta!</strong></p>
Email or password wrong! Please try again!.
</div>';
}
$conn->close();
}
?>
Use Echo and include it at last thing on your page !!
<?php
//put it in the end of your php code
else {
echo 'your message ';
}
?>
Here is the code that how you can display error messages in your code.
<?php
if(isset($_POST['Username'])){
//session_start();
$username = $_POST['Username'];
$password = $_POST['Password'];
//$r = mysqli_num_rows(mysqli_query($conn,"select * from user where u_nm='".$username."' and password='".$password."'"));
$rs = mysqli_query($conn,"select * from user where Username='".$username."' and Password='".$password."'");
$cnt = mysqli_num_rows($rs);
//echo $username;
//echo $password;
//echo $cnt;
if($cnt >= 1)
{
$_SESSION['username'] = $username;
header("Location:lessons.php");
}
else
{
$msg = "<center><h4>Username or Password are not correct, try again.</center></h4>";
header("Location:login.php?msg=$msg");
}
}
?>
Here is a problem i am having.
I have a loginform.php and when the user clicks the login button I want to display an error message on the same 'loginform.php' on my '#diverror' div if the user dose not exist.
loginform.php
<form method="post" action="login.php">
<div style='width:500px;margin:auto;border:2px solid darkgrey;margin-top: 50px;'>
<table id='logintable'>
<tr>
<td colspan="2" style='text-align: center;font-weight: bold;'>Login</td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><button type= submit>Login</button></td>
</tr>
</table>
<div id="diverror"> </div>
</div>
</form>
login.php
<?php
require 'connect.php';
$username= $_POST['username'];
$password= $_POST['password'];
$sqlcommand = "SELECT * FROM user WHERE username = '$username'";
$result = mysql_query($sqlcommand,$db);
include 'loginform.php';
if(mysql_num_rows($result)>=1)
{
$row = mysql_fetch_assoc($result);
$dbpass = $row['password'];
$dbuser = $row['username'];
$dbactive = $row['active'];
$_SESSION['username']=$dbuser;
header ('Location: index.php');
}
else // If the user dose not exist,
{
//Display this message on the loginform.php > #diverror
}
?>
Store error message in SESSION...
else // If the user dose not exist,
{
$_SESSION['msg']="User does not exist";
header("Location: loginform.php");
exit();
}
then just echo SESSION variable, after displaying message you need to unset session variable.
<div id="diverror">
<?php echo $_SESSION['msg'];
unset($_SESSION['msg']); ?>
</div>
NOTE: must start session at the beginning of the both files..
session_start();
To avoid this showing up even when a user has not logged in yet, use
<div class="text-error ">
<?php
session_start();
if (isset($_SESSION['msg']))
{
echo $_SESSION['msg'];
}
unset($_SESSION['msg']); ?>
</div>
This way, error will only show up if msg has been set and this can only happen when user submits.