Ok I am trying to create a simple login here but my login code as well as the intropage wont work properly. Tried to tweak the code for SESSION but find no luck.
Here's the code for my login.php:
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
Then for here's the code for my intropage.php where in I redirect the page.
<?php
session_start();
if(!isset($_SESSION["session_username"])){
header("location:login.php");
} else {
?>
<?php include("includes/header.php"); ?>
<h2>Welcome, <?php echo $_SESSION['session_username'];?>! </h2>
<p>Logout Here!</p>
<?php
}
?>
Any help please? Just wanna make this work or if anything you can tweak so that I can find where I made a mistake. A big thanks!
You need to check if the session name is set inside all pages using if(isset($_SESSION["session_username"]))
login.php
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
session_start();
?>
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_SESSION["session_username"])){
// echo "Session is set"; // for testing purposes
header("Location: intropage.php");
}
else{
echo "You are not logged in.";
}
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query =mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
// old placement
// session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
// $message = "Invalid username or password!";
echo "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
Footnotes:
Your present code is open to SQL injection. Use prepared statements, or PDO.
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Passwords
I noticed that you may be storing passwords in plain text. This is not recommended.
Use one of the following:
CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
PBKDF2 For PHP
<?php
session_start();
require_once("includes/connection.php");
include("includes/header.php");
$message = '';
if(isset($_REQUEST["login"])) {
if((isset($_POST['username']) && strlen(trim($_POST['username'])) > 0) && (isset($_POST['password']) && strlen(trim($_POST['password'])) > 0)) {
$username = filter_var($_POST['username'],FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'],FILTER_SANITIZE_STRING);
$query = mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."' LIMIT 1");
if(mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query));
$_SESSION['session_username'] = $row['username'];
/* Redirect browser */
header("Location: intropage.php");
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" />
</label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" />
</label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php
include("includes/footer.php");
if (!empty($message)) {
echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";
}
?>
That won't do it, session_start needs to be at the top of the file to work properly. So either include it at the beginning of the file "includes/header.php" (which you are including in your login page) or in some other include file which you will be using in all of your pages.
Put your session_start() into your top of the page.
i have just commented your code. and its worked for me. Just copy and run this code directly.
<?php session_start();
//require_once("includes/connection.php"); ?>
<?php //include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
/* $query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{*/
$_SESSION['session_username']=$username;
print_r($_SESSION);
/* Redirect browser */
/* header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
*/
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
You are unnecessarily checking session username in intropage.php
you should remove the code
if(!isset($_SESSION["session_username"])){
header("location:login.php");
From intro file and start session only once and it should be in header file's first line.
Related
I wrote a code to show the return variable value at some specific location in HTML paragraph tag without using AJAX.
I wrote below code for that but its not working for me.
<?php
$Success = "";
$Failed = "";
?>
<br><br>
<center>
<h3>Already a user? Log in:</h3>
<p style="color:green;"><?php echo $Success; ?></p>
<p style="color:red;"><?php echo $Failed; ?></p>
<form action="" method="POST">
<div>Username:</div> <input type="text" name="username">
<div>Password:</div> <input type="password" name="password">
<br><br>
<input type="submit" value="Log In" name="login">
</form>
</center>
<?php
if(isset($_POST['login']))
{
if( !empty($_POST['username']) && !empty($_POST['password']) )
{
$Success = "Thanks.";
}
else
{
$Failed = "You must supply a username and password.";
}
}
?>
Php scripts compiled line by line, So you must assign variable before using those. You can use this:
<?php
$Success = "";
$Failed = "";
if(isset($_POST['login']))
{
if( !empty($_POST['username']) && !empty($_POST['password']) )
{
$Success = "Thanks.";
}
else
{
$Failed = "You must supply a username and password.";
}
}
?>
<br><br>
<center>
<h3>Already a user? Log in:</h3>
<p style="color:green;"><?php echo $Success; ?></p>
<p style="color:red;"><?php echo $Failed; ?></p>
<form action="" method="POST">
<div>Username:</div> <input type="text" name="username">
<div>Password:</div> <input type="password" name="password">
<br><br>
<input type="submit" value="Log In" name="login">
</form>
</center>
Hi friends am trying to redirect a page once user logged in by using heade location but its not working unable to understand why..
Here is code..
<?php include "config.php"; ?>
<?php session_start();
error_reporting(0);
ini_set('display_errors', 0);
if(isset($_SESSION['username'])){
header("Location: user_details.php");
}
?>
Here is my html login with php
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
header("location: titles.php");
}
else
{
echo "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
</div>
</form>
</div>
Can anyone help me how can I redirect. I have used the echo statement after the heade location only I have tried both 'L' and 'l' in Location
This line will never work:
header("location: titles.php");
as headers must be sent before any form of output. It's usually common practice to place the isset($_POST['submit']) above the HTML block, and assign vars you might want to put into the HTML for later use.
Try reformatting your code as such:
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
header("location: titles.php");
}
else
{
$error = "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?PHP if(isset($error)){ echo $error; } ?>
</div>
You also need to call:
session_start()
before you can assign any session vars.
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
//header("location: titles.php");
echo "<script>window.location.href='titles.php'</script>";
}
else
{
echo "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
</div>
</form>
</div>
Try This
You have to start object.
// Add this start of file after <?php
ob_start();
This code works perfectly in localhost, but when I upload it to server it won't set the sessions.
<?php
session_start();
if (isset($_SESSION["manager"])) {
header("location: index.php");
exit();
}
?>
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 1) { // evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["manager_id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["manager_password"] = $password;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again Click Here';
exit();
}
}
?>
<?php include_once("template_header.php");?>
<div class="main">
<div class="main_content">
<div align="left" style="margin-left:24px;">
<h2>Please Log In To Manage the Store</h2>
<form id="form1" name="form1" method="post" action="admin_login.php">
<br>
<input name="username" type="text" placeholder="Username" id="username" size="40" />
<br /><br />
<input name="password" type="password" placeholder="Password" id="password" size="40" />
<br />
<br />
<input type="submit" name="button" id="button" value="Log In" />
</form>
<p> </p>
</div>
</div>
</div>
<?php include_once("template_footer.php");?>
I'm using PHP and HTML for a user login, it works fine, it sends me error message when there are empty fields or when I enter a wrong password, but it fails when i want to re-direct me to the file if the 'username' and 'password' are properly admitted. Any ideas?
my PHP:
<?php
session_start();
?>
<?php require_once("../includes/connection.php"); ?>
<?php include("../includes/header.php"); ?>
<?php
if(isset($_SESSION["session_username"])){
// echo "Session is set"; // for testing purposes
header("Location:intropage.php");
}
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query =mysql_query("SELECT * FROM admin_list WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location:intropage.php");
}
} else {
$message = "Nombre de usuario ó contraseña invalida!";
}
} else {
$message = "Todos los campos son requeridos!";
}
}
?>
HTML
<div class="container mlogin">
<div id="login">
<h1>Logueo</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Nombre De Usuario<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Contraseña<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Entrar" />
</p>
<p class="regtext">No estas registrado? <a href="register.php" >Registrate Aquí</a>!</p>
</form>
</div>
</div>
PHP empty field Error Message
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
I think it may be a string literals issue which is causing the mysql query to fail.
Try changing:
$query =mysql_query("SELECT * FROM admin_list WHERE username='".$username."' AND password='".$password."'");
To this instead:
$query =mysql_query("SELECT * FROM admin_list WHERE username='$username' AND password='$password'");
A php die function question.
when I use die(), it clean all page elements.
Is any way to echo error message and not clean all page, It looks like jump to another page when I use die() to stop code and call out the message.
Here are my code
<?PHP
$message="";
if(isset($_POST['submit'])){
$name=$_POST['name'];
$password=$_POST['password'];
//Field check
if($name && $password){$message=$name . $password;}
else{die($message="please enter name and password");}
//Check name
if($name=="alex" && $password==123){$message="Welcome ". $name;}
else{$message="wrong user or password";}
}
?>
<html>
<p>SIGN UP</p>
<form action="testing.php" method="POST">
<input type="text" name="name" placeholder="Enter Name" />
<input type="password" name="password" placeholder="Enter Password"/>
<input type="submit" name="submit" value="Sign up"/>
</form>
<div><?PHP echo $message?></div>
</html>
You should read your script for top to bottom, including anything outside of <?php ?>. When using die() your script stops then and there.
<?php $a = "something"; ?>
<html>
<p><?php echo $a?></p>
<?php die(); ?>
<p>Never here</p>
</html>
Would output
<html>
<p>something</p>
In your case do
<?php
if(isset($_POST['submit'])){
$name=$_POST['name'];
$password=$_POST['password'];
//Field check
if(!$name || !$password) {
$message="please enter name and password");
//Check name and password
} elseif ($name=="alex" && $password=="alex1") {
$message="Welcome ". $name;
} else {
$message="Username or password incorrect"
}
?>
<html>
<p>SIGN UP</p>
<form action="testing.php" method="POST">
<input type="text" name="name" placeholder="Enter Name" />
<input type="password" name="password" placeholder="Enter Password"/>
<input type="submit" name="submit" value="Sign up"/>
</form>
<div><?php echo $message?></div>
</html>
Also note that I'm using '==' to compare, not '='.