if (isset($_POST["username"]) && isset($_POST["password"])) {
$adminuser = $_POST["username"];
$password = $_POST["password"];
// Connecting to database
include "../StorageScript/connecttomysql.php";
//sql query
$sql = mysql_query("SELECT id FROM admin WHERE username='$adminuser' AND password= '$password' LIMIT 1");
$existCount = mysql_num_rows($sql);
while ($row = mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION['id'] = $id;
$_SESSION['adminuser'] = $adminuser;
$_SESSION['password'] = $password;
}
In the above code am trying to fetch the user id from the database and place it into a session variable. When i try to echo the $_SESSION['id'] in a different page it does not display any thing. But When i try to echo the username it work.
If you use this command mysql_fetch_array($sql) use $row[0].
while ($row = mysql_fetch_array($sql)) {
$id = $row[0];
}
Or if you want to use $row["id"] then use mysql_fetch_assoc($sql)
while ($row = mysql_fetch_assoc($sql)) {
$id = $row["id"];
}
Of course you should be using mysqli_* or PDO rather than the deprecated mysql_* functions.
You want only one row from the query..
So don't use while loop....
if (isset($_POST["username"]) && isset($_POST["password"])) {
$adminuser = $_POST["username"];
$password = $_POST["password"];
// Connecting to database
include "../StorageScript/connecttomysql.php";
//sql query
$sql = mysql_query("SELECT id FROM admin WHERE username='$adminuser' AND password= '$password' LIMIT 1");
$existCount = mysql_num_rows($sql);
$row = mysql_fetch_array($sql);
$id = $row['id'];
$_SESSION['id'] = $id;
$_SESSION['adminuser'] = $adminuser;
$_SESSION['password'] = $password;
}
Related
I am trying to store session variables upon a login form, so that I can reference them on further pages. The echo of $row[level] is successful, but none of the SESSION variables.
session_start();
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT firstname, level, username FROM `roster` WHERE username ='$username' and password ='$password'";
$result = mysqli_query($link, $query) or die(mysqli_error($link));
if ($result->num_rows > 0) {
//while($row = $result->fetch_assoc()) {
//echo $row[level];
//header('location:begin.php');}
while ($row = $result->fetch()) {
$_SESSION['level'] = $row[level];
$_SESSION['firstname'] = $row[firstname];}
}}
I had also tried this, which successfully works for storing the username as a session variable but not the level variable.
session_start();
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT firstname, level, username FROM `roster` WHERE username ='$username' and password ='$password'";
$result = mysqli_query($link, $query) or die(mysqli_error($link));
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{$fmsg = "Invalid Login Credentials.";
}
}if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
$level = $_SESSION['level'];
header ('location: begin.php');
Thanks for your help!
Use quotes here
$_SESSION['level'] = $row["level"];
$_SESSION['firstname'] = $row["firstname"];
Be sure about looping and overwriting variable value, otherwise use array.
When a user signs in i want to echo back there ID (which is created because of the auto_increment in phpMyAdmin) from there account, here's my login.PHP:
<?php
$conn = mysqli_connect("xxxxxx", "xxxxx", "xxxx", "BuyerAccounts");
$Email = $_POST["Email"];
$Password = $_POST["Password"];
$sql_query = "select Buyer_Email from user_info where Buyer_Email like '$Email' and Buyer_Password like '$Password';";
$result = mysqli_query($conn, $sql_query);
if(mysqli_num_rows($result) > 0 ){
$row = mysqli_fetch_assoc($result);
$name = $row["Buyer_Email"];
echo "Welcome: Buyer";
}else{
$int = 1;
//echo "Buyer login failed...";
}
}else{
echo "Login failed...";
}
}
mysqli_stmt_close($statement);
mysqli_close($conn);
?>
Add the column name id in your sql query.let say your column name for id is ID
$sql_query = "select ID,Buyer_Email from user_info where Buyer_Email like '$Email' and Buyer_Password like '$Password';";
$result = mysqli_query($conn, $sql_query);
if(mysqli_num_rows($result) > 0 ){
$row = mysqli_fetch_assoc($result);
$name = $row["Buyer_Email"];
$user_id = $row['ID'];
echo $user_id;
echo "Welcome: Buyer";
}
Since your making login in php its good choice to use $_SESSION.
All you need to do is add a session_start(); at the top of any php script where you need to use session.
<?php
session_start();
$conn = mysqli_connect("xxxxxx", "xxxxx", "xxxx", "BuyerAccounts");
$Email = $_POST["Email"];
$Password = $_POST["Password"];
$sql_query = "select ID,Buyer_Email from user_info where Buyer_Email like '$Email' and Buyer_Password like '$Password';";
$result = mysqli_query($conn, $sql_query);
if(mysqli_num_rows($result) > 0 ){
$row = mysqli_fetch_assoc($result);
$name = $row["Buyer_Email"];
$user_id = $row['ID'];
//using session
$_SESSION["user_id"] = $user_id;
echo $user_id;
echo "Welcome: Buyer";
}
Now you can access anywhere in your php script using the $_SESSION variable.
echo $_SESSION["user_id"] ;
Let's start from the beginning. You create a login form, you store sessions based on the values:
login.php
session_start();
$_SESSION["username"] = $username;
main.page
$username = $_SESSION["username"];
echo "Hi $username";
EDIT 2
Ok, so you want to check if username exists and then echo their ID. Regardless, almost all login systems have sessions.
After logging in, let's say you have a $_SESSION of id.
php
session_start();
$id = $_SESSION["id"];
$db = mysqli_connect("xxxxxx", "xxxxx", "xxxx", "BuyerAccounts");
$check = $db->query("SELECT * FROM users WHERE id='$id'");
$num_check = $check->num_rows;
$fetch_check = $check->fetch_object();
$id2 = $fetch_check->id;
if($num_check) {
// User Exists
echo $id2;
} else {
echo "You don't exist."
}
Please note, normally, I would just echo $id. However, the OP requested to echo the id from the db, so I echoed $id2.
How can retrive data.here login not working.I used mysqli_fetch_array,but before while the condition failed.
<?php
session_start();
include 'db.php';
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($connect,"SELECT * FROM tbl-login where username='".$username."'");
$n = 0;
while($row = mysqli_fetch_array($query)) {
// $u-id = $row['u-id'];
$dbusername = $row['username'];
$dbpassword = $row['password'];
$usertype = $row['usertype'];
$_SESSION['usname'] = $dbusername;
$_SESSION['uid'] = $u-id;
$_SESSION['usertype'] = $usertype;
if ($dbusername == $username && $dbpassword == $password) {
$n++;
echo "grtet";
// header('location:dashboard.php');
}
}
if ($n == 0) {
header('location:index.php');
}
?>
$query = mysqli_query($connect,"SELECT * FROM tbl-login where username='".$username."' and password='".$password."'");
$row = mysqli_fetch_row($query); // Just ONE row, because expecting is, there is only one user with this USERNAME
if(empty($row)) {
echo 'Invalid username or password';
}else{
echo 'OK :)';
}
When you're not sure what makes a query fail, call mysqli_error(). While I haven't tested myself, I believe tbl-login is the cause of the error (which mysqli_error() should return if you call it).
MySQL allows spaces and non-identifier characters to be table/column name, but when referring to such a name, you need to enclose it between backtick (`). Hence tbl-login should be written as `tbl-login` in the SQL query.
You Have Created table name as tbl-login, column name as u-id and variable as $u-id, which i think is a problem. If Possible, change your column name, table name and variable name. Here are some links to get basic idea for creating variable name, column name, table name.
Create Variables, Create Table, Identifiers
I've updated your code. Please have a look.
<?php
session_start();
include 'db.php';
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($connect,"SELECT * FROM `tbl_login` WHERE username='$username' AND password='$password'");
$rowcount = mysqli_num_rows($query);
if($rowcount > 0) {
while($row = mysqli_fetch_array($query,MYSQLI_ASSOC)) {
$_SESSION['usname'] = $row['username'];
$_SESSION['uid'] = $row['u_id'];
$_SESSION['usertype'] = $row['usertype'];
header('location:dashboard.php');
}
} else {
header('location:index.php');
}
?>
I'm the following query to verify the login information posted by the form. But whenever I run the query i get internal server error. I'm not sure what i'm doing wrong.
<?php
if(isset($_POST["userName"]) && isset($_POST["password"])){
$userName = $_POST["userName"];
$password = $_POST["password"];
include "http://evocature.com/scripts/db_connect.php";
$results = mysql_query("SELECT id
FROM admins
WHERE userName = '$userName'
AND password ='$password' LIMIT 1");
$existCount = mysql_num_rows($results);
if($existCount == 1){
while($row = mysql_fetch_array($results)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("Location: http://www.evocature.com/admin/index.php");
exit();
}
else{
echo 'Invalid Information';
exit();
}
}
I belive you cant include http pages . Well not in this method .
I'm working on my school project and I need a simple login functionality. It was working 20 minutes ago but then I perhaps made some mistake. It doesn't show any error message. The database seems to be alright.
'jmeno' = name, 'heslo' = password
<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");
if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
$username = $_POST['heslo'];
$password = $_POST['jmeno'];
/* defends SQL injection */
// $username = stripslashes($username);
//$password = stripslashes($password);
//$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
//$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);
$sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."' AND heslo = '".$password."' LIMIT 1";
$result = mysqli_query($mysqli, $sqllogin);
if (!$result) {
die(mysqli_error($mysqli));
}
$count = mysqli_num_rows($result);
if ($count == 1) {
session_start();
$_SESSION['loggedin'] = true;
header('Location: home.php');
}else {
echo "<script language='javascript'>alert('Wrong password!');</script>";
}
}
?>
I think you mixed post values. Try :
$username = $_POST['jmeno'];
$password = $_POST['heslo'];
I suggest debugging as follows:
<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");
if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
$username = $_POST['heslo'];
$password = $_POST['jmeno'];
/* defends SQL injection */
// $username = stripslashes($username);
//$password = stripslashes($password);
//$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
//$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);
$sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."' AND heslo = '".$password."' LIMIT 1";
echo $sqllogin; //check the sql query string
$result = mysqli_query($mysqli, $sqllogin);
print_r($result);
if (!$result) {
die(mysqli_error($mysqli));
}
$count = mysqli_num_rows($result);
if ($count == 1) {
session_start();
$_SESSION['loggedin'] = true;
header('Location: home.php');
}else {
echo "<script language='javascript'>alert('Wrong password!');</script>";
}
}
?>
If sql string seems correct try querying the database directly and check output.
Probably there its not getting the $_POST vars, and not returning a valid $result.
Also I suggest you to not handle and save passwords like that but using hash functions like md5(string).