I've spent a lot of time looking for something that could help me doing this:
I have 3 pages, one called login.php, another called trataLogin.php and another called index.php.
The login and trataLogin page is working perfectly but when I try to call a variable into the index.php from login I can't do it.. I don't know what else to do it.
This is my login.php
<?php
require_once('connection/dbconnection.php');
session_start();
?>
...
<form name="form" action="trataLogin.php" method="post">
<input type="text" name="username" placeholder="username" /><br/>
<input type="password" name="password" placeholder="password" /><br/>
<br/>
<br/>
<input type="submit" value="login" />
</form>
trataLogin.php
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
$username = $_POST['username'];
$password = sha1($_POST['password']);
$query = "SELECT * FROM utilizadores WHERE username = '" . $username . "' AND password = '" . $password . "'";
$admin='';
$result = $conn->query($query);
if ($result->num_rows > 0) {
$_SESSION['verifica_login'];
$row = $result->fetch_assoc();
if ($row['admin'] == 1) {
$admin = true;
header('Location:admin.php');
} elseif($row['admin'] == 0){
$admin = false;
header('Location:index.php');
} else {
$_SESSION['verifica_login']="Username ou password incorretos";
}}
?>
and in index.php I have this
<?php
require_once('connection/dbconnection.php');
session_start();
$_SESSION['dadoslogin']=$_POST;
?>
and somewhere below in index.php I've something that it was suppose to print the username of the person who logged in
<?php echo $_SESSION['username']; ?>
You're overwriting your $_SESSION in index.php:
Remove that part
$_SESSION['dadoslogin']=$_POST;
And echo your variable like this:
echo $_SESSION['dadoslogin']['username'];
Related
I have a login table containing Name, Username and Password. When user logins with username and password, I want to display the name of the user instead of the username. I want to display user's name in the next page as Welcome NAME instead of Welcome USERNAME.
Here is the HTML:
<form class="form-basic" method="post" action="login.php">
<div class="form-row">
<label>
<span>Username</span>
<input type="text" name="username" id="username" >
</label>
</div>
<div class="form-row">
<label>
<span>Password</span>
<input type="password" name="password" id="password" >
</label>
</div>
<div class="form-row">
<button type="submit" name="submit" id="submit"/>SUBMIT</button>
</div>
</form>
PHP code:
<?php
// your values are stored in cookies, then you can login without validate
include_once 'db.php';
// login validation in php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = $_POST['password'];
$query = mysql_query("select name,username,password from reglogin where username='".$username."' AND password='".$password."'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row=mysql_fetch_assoc($query)) {
$dbname=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbname && $password == $dbpassword)
{
$_SESSION['sess_user']=$name;
echo "<script>window.open('registration1.php','_self')</script>";
}
}
else {
echo "<script>alert('Invalid! Username or Password')</script>";
}
}
?>
you have input
<input type="text" name="username" id="username" >
In php side you are accessing
$name=$_POST['name'];
you have to change above line to
$name=$_POST['username'];
or you have to update
$_SESSION['sess_user']=$name;
to
$_SESSION['sess_user']=$row['username'];
Updated
As you need name so you can set name to session
$_SESSION['sess_user']=$row['name'];
You can replace your code with this one:
Your errors:
In the line number 8 you have an Undefined Index called name.
You are using that in value for $_SESSION which you can get from
database while fetching the username and password.
Review your query what you are selecting and what you fetched.
Changes I have made:
check line number 8.
check line number 20
Hope this will help you.
// your values are stored in cookies, then you can login without validate
include_once 'db.php';
// login validation in php
if (isset($_POST['submit'])) {
// $name = $_POST['name']; // this is not posted
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = $_POST['password'];
$query = mysql_query("select name,username,password from reglogin where username='".$username."' AND password='".$password."'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row=mysql_fetch_assoc($query)) {
$dbname=$row['username'];
$dbpassword=$row['password'];
$name =$row['name'];
}
if($username == $dbname && $password == $dbpassword)
{
$_SESSION['sess_user']=$name;
echo "<script>window.open('registration1.php','_self')</script>";
}
}
else {
echo "<script>alert('Invalid! Username or Password')</script>";
}
}
?>
I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpmyadmin with apache on a localhost.
I cannot seem to figure out to problem. I have the row made in phpmyadmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying to best to figure it out. Any solutions or addition help would be great! Thank you!
login:
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
<html>
webpage:
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Locaion: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></
</body>
<html>
<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>
This is a my accounts page the user sees once they have logged in, it displays the user details from the database at the top.
I have added the function to change the password but it isn't working.
I'm trying to make it so that when the user clicks the 'submit' button the new password replaces the old password in the database, however the if statement isn't working
When I click the submit button it just refreshes the page because of my else.
ob_start();
$query ="SELECT * FROM Customers WHERE Email='". $_SESSION['Email'] ."'";
$result = mysqli_query($connection,$query);
if ($row = mysqli_fetch_assoc($result)) {
$DFirstName = $row ['FirstName'];
$DLastName = $row ['LastName'];
$DEmail = $row['Email'];
$DPassword = $row ['Password'];
$DGender = $row ['Gender'];
$DAge = $row ['Age'];
echo'Welcome: ' .$DFirstName. ' ' .$DLastName. '<br/>';
echo'Email: ' .$DEmail. '<br/>';
echo'Gender: ' .$DGender. '<br/>';
echo'Age: ' .$DAge;
}else{
echo'error';
}
?>
<h1>Change your password</h1>
<form method="post">
Old Password <input type="password" name"password" value=''/></br>
New Password <input type="password" name"newpassword" value=''/></br>
<input type="submit" name"submit" value="submit"/>
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
if ($_POST['password'] == $_SESSION['password']){
$newpassword = $_POST['newpassword'];
$username = $_SESSION['Email'];
$query = "UPDATE Customers
SET Password = '$newpassword'
WHERE Email = '$username'";
$result = mysqli_query($connection,$query);
//so that the user has to log back in once password has been changed
session_destroy();
header('location:login.php');
} else {echo 'error1';}
}else {echo 'error2';}
ob_flush();
?>
</div>
You have typos in your HTML code:
name"password"
name"newpassword"
name"submit"
You leaved the = sign. Change to this:
name="password"
name="newpassword"
name="submit"
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
I'm kinda' beginner and I've coded my own PHP login from Zero, but I still got some errors, here's the code:
<?php
include 'connection.php';
$query = " SELECT * FROM admin";
$result = mysql_query($query) or die(mysql_error());
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
if ($username = $result['username']) {
if ($password = $result['password']){
header('Location: admin.php');
} else {
echo "PASSWORD IS INCORRECT";
}
} else {
echo "USERNAME IS INCORRECT";
}
?>
So if you can fix this or got an easier way from PHP login from please tell me. :)
A few things...
Don't use mysql functions
You need to use == to compare strings, not =
You need to actually fetch the results of your query
include 'connection.php';
$query = " SELECT * FROM admin";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result); /* add this */
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
if(isset($_POST['usernameInput']) && isset($_POST['passwordInput'])){
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
}
else{
echo 'some error ...';
}
if($username == $row ['username'] && $password == $row ['password']){
header('Location: admin.php');
}
else{
echo ' username or password is wrong';
}
?>
I have to point out that you are sending the same form over and over without first checking the post. And when you send the form, you will not be able to send the header to redirect, because html is started and headers are sent already.
Mysql functions are deprecated, please use mysqli interface.
Among other several bugs like assignment = instead of is equal ==
Try it this way:
If no post exists send the form else check and if ok redirect or not ok. resend the form
<?php
if($_POST){
include 'connection.php';
$query = " SELECT * FROM admin";
$r = mysql_query($query) or die(mysql_error());
// get an associated array from query result resource.
$result = mysql_fetch_assoc($r);
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
if ( ($username == $result['username'])
&& ($password == $result['password'])){
header('Location: admin.php');
exit(0);
} else {
echo "PASSWORD IS INCORRECT";
}
}
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
?>