I have this little code, which in fact is a login script which check if the register is on, and show it after the login button:
<?php
include("../inc/db.php");
if(isset($_POST['user']) && isset($_POST['pass']))
{
$password = $_POST['pass'];
$username = $_POST['user'];
$sql = "SELECT * FROM `users` WHERE `user` = '".$username."' AND `password` = '".$password."'";
$rez = $pdo->query($sql);
if($rez->fetchColumn() > 0)
{
...
}
else {echo '<p align="center">...</p>';}
}
else { echo '<p align="center">...</p>'; }
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="login">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
<?php $sql = "SELECT setare FROM setari WHERE nume_setare = 'OPEN_REG'";
$openreg = $pdo->query($sql)->fetch();
if($openreg['setare'] == 1)
{
?>
<tr>
<td> </td>
<td> </td>
<td>Inregistrare</td>
</tr><?php } ?>
</table>
</td>
</form>
</tr>
</table>
My problem is this line:
include("../inc/db.php");
Warning: include(E:/wamp/www//inc/db.php): failed to open stream: No such file or directory in E:\wamp\www\proiect1-test\scripts\login.php on line 3
Warning: include(): Failed opening '../inc/db.php' for inclusion (include_path='.;C:\php\pear') in E:\wamp\www\proiect1-test\scripts\login.php on line 3
and i can't figure it out where i'm wrong. The path is correct, and if i hit the login button, it works.If i hit login button with an inccorect combination of username and password, the warning disappear. However, it doesn't include that when i open it for the first time. This login file is included in the index of the site.
Your path to that file is obviously incorrect. This commonly happens when you use a relative path to a file and then start placing files in different directories. You should use the full system path to the file to avoid this issue:
include("/path/from/root/to/inc/db.php");
A common thing to do is define a variable or constant that defines the root path to your web files. That way if it ever changes (i.e. you change hosts) you only need to change it in one place.
In your config file:
define('ROOT_PATH', '/path/from/root/to/');
In your PHP files;
include(ROOT_PATH . "inc/db.php");
Related
I have this little code, which in fact is a login script which check if the register is on, and show it after the login button:
<?php
include("../inc/db.php");
if(isset($_POST['user']) && isset($_POST['pass']))
{
$password = $_POST['pass'];
$username = $_POST['user'];
$sql = "SELECT * FROM `users` WHERE `user` = '".$username."' AND `password` = '".$password."'";
$rez = $pdo->query($sql);
if($rez->fetchColumn() > 0)
{
...
}
else {echo '<p align="center">...</p>';}
}
else { echo '<p align="center">...</p>'; }
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="login">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
<?php $sql = "SELECT setare FROM setari WHERE nume_setare = 'OPEN_REG'";
$openreg = $pdo->query($sql)->fetch();
if($openreg['setare'] == 1)
{
?>
<tr>
<td> </td>
<td> </td>
<td>Inregistrare</td>
</tr><?php } ?>
</table>
</td>
</form>
</tr>
</table>
My problem is this line:
include("../inc/db.php");
Warning: include(E:/wamp/www//inc/db.php): failed to open stream: No such file or directory in E:\wamp\www\proiect1-test\scripts\login.php on line 3
Warning: include(): Failed opening '../inc/db.php' for inclusion (include_path='.;C:\php\pear') in E:\wamp\www\proiect1-test\scripts\login.php on line 3
and i can't figure it out where i'm wrong. The path is correct, and if i hit the login button, it works.If i hit login button with an inccorect combination of username and password, the warning disappear. However, it doesn't include that when i open it for the first time. This login file is included in the index of the site.
Your path to that file is obviously incorrect. This commonly happens when you use a relative path to a file and then start placing files in different directories. You should use the full system path to the file to avoid this issue:
include("/path/from/root/to/inc/db.php");
A common thing to do is define a variable or constant that defines the root path to your web files. That way if it ever changes (i.e. you change hosts) you only need to change it in one place.
In your config file:
define('ROOT_PATH', '/path/from/root/to/');
In your PHP files;
include(ROOT_PATH . "inc/db.php");
I am trying to upload image in a insert post form using a database with php and mysql. I hosted the website. after hosting, i tried to insert data, but it throws the following errors:
Warning: move_uploaded_file(images/Penguins.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in C:\inetpub\vhosts\srkv9093.com\testsrkv\insert_post.php on line 75
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\Windows\Temp\phpC2A4.tmp' to 'images/Penguins.jpg' in C:\inetpub\vhosts\srkv9093.com\testsrkv\insert_post.php on line 75
The code
<body>
<div>
<h2>Logout</h2>
<h2>View Post</h2>
</div>
<form method="post" action="insert_post.php" enctype="multipart/form-data">
<table width="600" align="center" border="0">
<tr>
<td align="center" colspan="6" bgcolor="white">
<h1>Insert New Post Here</h1>
</td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title"></td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author"></td>
</tr>
<tr>
<td align="right">Post Keywords:</td>
<td><input type="text" name="keywords"></td>
</tr>
<tr>
<td align="right">Post Image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr>
<td align="right">Post Content:</td>
<td><textarea name="content" cols="30" rows="15"></textarea> </td>
</tr>
<tr>
<td align="center" colspan="6"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
<?php
include("includes/connect.php");
if(isset($_POST['submit'])) {
$post_title = $_POST['title'];
$post_date = date('d-m-y');
$post_author = $_POST['author'];
$post_keywords = $_POST['keywords'];
$post_content = $_POST['content'];
$post_image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if($post_title=='' or $post_keywords=='' or $post_content=='' or $post_author=='' or $post_date=='') {
echo "<script>alert(Some field is empty')</script>";
exit();
}
move_uploaded_file($image_tmp, "images/$post_image");
$insert_query = "insert into posts (post_title, post_date, post_author, post_image, post_keywords, post_content) values ('$post_title', '$post_date', '$post_author', '$post_image', '$post_keywords', '$post_content')";
if(mysql_query($insert_query)) {
echo "<center><h1>Post Published Successfully!</h1></center>";
}
}
?>
Just to be curious, is your website hosted in a windows server or a linux server? Only then one can answer the question comprehensively
i could have commented but apparently, someone has upped the reputation for commenting,
From your path, I guess you are working on Window host.
So, you need to set writing permission of "images" folder to the "Everyone User" account. (or at least the internet guest account)
You can refer this link for how to work. http://www.web-site-scripts.com/knowledge-base/article/AA-00427/0/Setup-correct-files-and-folders-access-permissions-efficiently.html
I am having problems with this, when i login with valid data, the page just refreshes (i am assuming that the if statement in protectedstuff.php failed). When i used the deprecated method to register the session and check if it exists, it worked if(!session_is_registered(myusername)).
Oh and also I am able to see a cookie was created "PHPSESSID".
what am I doing wrong?
login.php ->
<?php
if($_POST){
$errorLogin="Wrong Username or Password";
$link = mysqli_connect('localhost', 'root', '', 'mydb')
or die('Could not connect: ' . mysqli_error($link));
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$sql_query="SELECT * FROM users WHERE username='$myusername' and password='$mypassword';";
$result = mysqli_query($link, $sql_query) or die('query failed'. mysqli_error($link));
$row = mysqli_fetch_assoc($result);
$dbUserName= $row['username'];
$dbPassword= $row['password'];
// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword,
if($myusername==$dbUserName && $mypassword==$dbPassword){
// Register $myusername, and redirect to file "login_success.php"
//session_register("myusername"); <- deprecated
$_SESSION['myusername']=$myusername;
header("location:protectedstuff.php");
}else {
echo $errorLogin;
}
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
the usernames and passwords are already in the database.
This is my protectedstuff.php
<?php
session_start();
if(!isset($_SESSION['myusername']))
{
header("location:login.php");
}
else{
?>
<html>
<body>
Login Successful
</body>
</html>
<?php
}
?>
Thank you!
I don't see a session_start() above your $_POST block. You must call that on every page BEFORE any output is sent
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 years ago.
Dear friends i am having strange error which i am unable to solve, need your help. The code is working fine when login is incorrect and when login is correct it still creates a session but do not redirect to index.php instead it throws an error of "Cannot modify header information - headers already sent by...". I already search for similar posts but was not able to solve the issue
here is the code
<?php include ("scripts/connection.php");
session_start();
$myusername = $_POST["myusername"];
$myusername = preg_replace('/[^a-zA-Z0-9\']/','',$_POST['myusername']);
$mypassword = $_POST["mypassword"];
$mypassword = preg_replace('/[^a-zA-Z0-9\']/','',$_POST['mypassword']);
$LoginQuery = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Admin Login</title>
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr><form name="form1" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<?php if($_SERVER["REQUEST_METHOD"] == "POST")
{ $result = $mysql->query($LoginQuery);
if($result->num_rows ==1)
{
$_SESSION['login_user']=$myusername;
header("Location:index.php");
exit();
}
else
{
echo '<tr><td width="78"> </td><td width="6"></td><td width="294"><font style="color:#f00; font-weight:bold;">Invalid!</font></td></tr>';
}
}
?>
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>
Friends can u find what i did wrong and help me correct it please.
Thank you
You have to understand HTTP:
A redirct is realized by the HTTP-Header.
In HTTP the header is send, before any output (like the webpage itself)
So you are trying to send a Redirect-Header after you send payload.
This is not possible.
In short, never use header() after you print out something on the page.
you should use function header before writing any other text
this is my form
<form action="test.php" method="post" name="myform">
<table width="500" border="0">
<tr>
<td width="369" colspan="3">Admin's Area </td>
<td width="121"><?php echo $_SESSION['name'];?></td>
</tr>
<tr>
<td colspan="3">sponseres list </td>
<td>+Add new Sponser</td>
</tr>
<tr>
<td colspan="3"><?php echo $sponsere_list; ?></td>
<td> </td>
</tr>
<tr>
<td align="center" colspan="4"> <a name="sponserForm" id="sponserForm"></a> Add New Sponser Form</td>
</tr>
<tr>
<td align="left">Sponser name</td>
<td align="left"><input type="text" name="spname" id="spname" tabindex="1" /></td>
<td colspan="2" align="center"> </td>
</tr>
<tr>
<td align="left">Image</td>
<td align="left"><input type="file" name="fileToUpload" /></td>
<td colspan="2" align="center"> </td>
</tr>
<tr>
<td align="left">Add this</td>
<td align="left"><input type="submit" name="sumit" id="sumit" value="Submit" tabindex="3" /></td>
<td colspan="2" align="center"> </td>
</tr>
<tr>
<td align="center" colspan="4"> </td>
</tr>
</table>
</form>
and this is the php code to retrive it
<?php
if(isset($_POST['spname'])){
$spname=mysql_real_escape_string($_POST['spname']);
$user_query = "INSERT INTO `sponsers` (`spname`)
VALUES ('{$spname}')
";
$sql=mysql_query($user_query)or die (mysql_error());
$spic= mysql_insert_id();
$newname="$spic.jpg";
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],"../sponsers/$newname")or die (mysql_error());
}
?>
when i try to upload a image it gives me this warning message
Notice: Undefined index: fileToUpload in J:\xampp\htdocs\srimag\admin\test.php on line 3
so i tried to echo the fileToUpload value by using $_POST['fileToUpload'] it show the values without errors so can't figure out the error.
so please help me on this :-(
Thanks.
Your main problem is you are missing the appropriate enctype attribute on your form
<form ... enctype="multipart/form-data">
Make sure you read this section of the manual carefully - http://php.net/manual/en/features.file-upload.php
Your issue is mentioned on the first page
Note:
Be sure your file upload form has attribute enctype="multipart/form-data" otherwise the file upload will not work.
You need enctype="multipart/form-data" in your form to upload images, also it would be a good idea to check if user even uploads an image and specificity naming a file .jpg will not work, images will be treated as corrupt when outputting if ther not jpegs, not to mention people uploading php files.
You also need to make some other checks on validity, upload security is not something that should be overlooked, else you have one of thos awful phone home / botnet malware scripts injecting code into all your scripts:
<?php
if(isset($_POST['spname'])){
$spname=mysql_real_escape_string($_POST['spname']);
$user_query = "INSERT INTO `sponsers` (`spname`)
VALUES ('{$spname}')";
$sql=mysql_query($user_query)or die (mysql_error());
$spic= mysql_insert_id();
if(isset($_FILES["fileToUpload"]["tmp_name"]) && $_FILES["fileToUpload"]["error"] ==0){
$name = basename($_FILES["fileToUpload"]['name']);
$ext = end(explode('.', $name));
$newname = $spic.".".$ext;
$info = getimagesize($_FILES["fileToUpload"]['tmp_name']);
$allowed = array('image/png','image/jpg','image/gif');
if($info[0]>0 && $info[1] > 0 && in_array($info['mime'],$allowed)){
move_uploaded_file($_FILES["fileToUpload"]['tmp_name'], "../sponsers/$newname");
//done upload
}else{
//Not allowed, perhap notify user
}
}
}
?>
include this in form tag
enctype="multipart/form-data"
You should add this in your form
<form action="test.php" method="post" name="myform" enctype="multipart/form-data">