log in system with sessions and mysqli done something wrong - php

Hello guys, I am trying to make a simple log-in system for a school project. I got it to work when I didn't implement the database, but as you can see, now that I tried to implement the database it doesn't work so well, since I can't put PHP tags at the start and end of the echos. Anyway, can anyone help me out?
As I said, it worked when I just wrote a random username and password and didn't have any database thing in it.
<?php
session_start();
include('../inc/dbconnection_inc.php');
$result = mysqli_query($dbconnection, 'SELECT * FROM users');
$row = mysqli_fetch_array($result);
$p = $_POST['password'];
$u = $_POST['username'];
if ($u == echo $row["username"] AND $p == echo $row["password"]);
{
    $_SESSION['username'] = echo $row["username"];
    header("Location: admin.php");
}
else
{
    header("Location: ../index.php");
}

I am not sure that you need echo there. According to the manual, echo returns nothing.
Try removing all echos from the code, like
...
if ($u === $row["username"] && $p === $row["password"])
{
    $_SESSION['username'] = $row["username"];
    header("Location: admin.php");
}
(also I usually use && instead of AND, that also could be the cause)
Besides, your code will check only the first fetched row (I think you're aware of that?)

$p = $_POST['password'];
$u = $_POST['username'];
$query = 'SELECT * FROM users WHERE username = ?';
// mysqli_prepare (not mysqli_query) is the call that accepts the ? placeholder
if ($stmt = mysqli_prepare($dbconnection, $query)) {
    mysqli_stmt_bind_param($stmt, "s", $u);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
    // no stray ; after the if, and no echo in the comparison or the assignment
    if ($row && $u == $row["username"] && $p == $row["password"]) {
        $_SESSION['username'] = $row["username"];
        header("Location: admin.php");
    } else {
        header("Location: ../index.php");
    }
} else {
    //fail
}
Remove the echo
Select a specific user by adding a WHERE clause
Prepare your statement
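As an added example (not code from the question or from either answer), here is the asker's login script with the three points above applied: mysqli_prepare() with a bound parameter, a WHERE clause that fetches only the one user, and no echo. It assumes ../inc/dbconnection_inc.php provides $dbconnection as in the question and that the users table has a password_hash column holding password_hash() output, so the check goes through password_verify() instead of comparing plaintext; it also regenerates the session id on success.

```php
<?php
// Added example, not the asker's or the answerer's code: the login script with the
// three points above applied (no echo, WHERE on the username, prepared statement).
// Assumptions: ../inc/dbconnection_inc.php provides $dbconnection as in the question,
// and the users table has a password_hash column that stores password_hash() output,
// so passwords are verified against a hash rather than compared in plaintext.
session_start();
include('../inc/dbconnection_inc.php');

function authenticate(mysqli $db, string $username, string $password): ?string
{
    // The username is bound as data; it never becomes part of the SQL text.
    $stmt = mysqli_prepare($db, 'SELECT username, password_hash FROM users WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        return null;                       // prepare failed (e.g. connection problem)
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $res = mysqli_stmt_get_result($stmt);
    $row = $res ? mysqli_fetch_assoc($res) : null;
    mysqli_stmt_close($stmt);

    // Unknown user and wrong password fail the same way; no plaintext comparison.
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

$u = $_POST['username'] ?? '';
$p = $_POST['password'] ?? '';

$user = authenticate($dbconnection, $u, $p);
if ($user !== null) {
    session_regenerate_id(true);           // fresh session id on login (session fixation defence)
    $_SESSION['username'] = $user;
    header('Location: admin.php');
} else {
    header('Location: ../index.php');
}
exit;                                      // nothing should run after a redirect header
```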

Related

Redirection with header function is not working but no errors

I am trying to redirect a user after login while saving the session. I am trying to do that using the header function in PHP:
<?php
include 'phpconnect.php';
if (isset($_POST['but_submit'])) {
    $uname = mysqli_real_escape_string($conn, $_POST['txt_uname']);
    $password = mysqli_real_escape_string($conn, $_POST['txt_pwd']);
    if ($uname != "" && $password != "") {
        $sql_query = "select count(*) as cntAdmin from admindb where adminID='".$uname."' and AdminPassword='".$password."'";
        $result = mysqli_query($conn, $sql_query);
        $row = mysqli_fetch_array($result);
        $count = $row['cntAdmin'];
        if ($count > 0) {
            $_SESSION['uname'] = $uname;
            header('Location: adminpanel.php');
        } else {
            die("Invalid username and password");
        }
    }
}
?>
Credentials are correct, and all other functions (for example the registration form that inserts data into the database) are working. The echo function call works fine if credentials are wrong, so the database connection is fine. I suppose something is wrong with header, but I have no clue.
try this
header("Location: /adminpanel.php");
as a last resort you can use this
echo "<script>";
echo "window.location.href='/adminpanel.php'";
echo "</script>";

Cookies not saving (PHP)

My cookies are not saving, I am using PHP 5.
Code:
require 'dbcon.php';
$sql = "SELECT * FROM accounts";
$result = $conn->query($sql);
$username = $_POST['username'];
$password = $_POST['password'];
$row = mysql_fetch_row($result);
setcookie("ID6", $row['ID'], time() + 60*60*24*31*12, "/") or die("Cookie could not be set. <a href='index.php'>Try again!</a>");
if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header("Location: index.php");
    exit();
}
while ($row = mysqli_fetch_assoc($result)) {
    if ($username == $row['username']) {
        if ($password == $row['password']) {
            if ($row['accdel'] == 1) {
                echo("You are banned.");
                exit();
            }
            echo "Logged in with cookie:" . $_COOKIE['ID6'];
            exit();
        }
        else {
            echo "The account does not exist, or you have put in the wrong log in.";
            exit();
            echo "That's not an account name though...";
        }
    }
}
?>
Please help. Is the selected SQL value even a settable cookie value? (Please make it simple. I do not know much about PHP nor cookies.)
https://www.jqueryscript.net/other/E-commerce-Cart-Plugin-For-jQuery.html
I tried saving cookies with PHP for many days and it never worked.
Maybe try jQuery.
The ID wasn't retrieved from the database because it was not in the while loop.

Three "elses" in "if" statement

Is it possible to have an if statement with three else parts?
My login script checks the username, password and captcha. If the user/pass or captcha is wrong, the site returns with an error saying "username or password incorrect". But I also want it to give an error when there are blank fields (just one is sufficient to give the error). I thought I could just add a third else{ but Dreamweaver gives an error.
How can I achieve this?
<?php
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$query = mysqli_query($con, "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'");
$result = mysqli_num_rows($query);
if ($result === 1) {
    session_start();
    $_SESSION["username"] = $username;
    if (isset($_POST["captcha"]) && $_POST["captcha"] != "" && $_SESSION["code"] == $_POST["captcha"])
    {
        header('location:admin.php');
        exit();
    }
    else {
        session_destroy();
        die(header("location:lgin.php?codeFailed=true&reason=code&user=$username"));
        exit();
    }
}
else {
    session_destroy();
    die(header("location:lgin.php?loginFailed=true&reason=login"));
    exit();
}
else { //dreamweaver gives an error here
    session_destroy();
    die(header("location:lgin.php?blank=true&reason=blank"));
    exit();
}
?>
There can be only one else per if statement. If you are nesting if statements, you can have more elses, but still one else block per if statement. As I see it, you have two if conditions and three else blocks. That will not work; you will need to remove the last dangling else.
Also, it will improve your code's readability if you indent it properly.
if ($result === 1) {
    session_start();
    $_SESSION["username"] = $username;
    if (isset($_POST["captcha"]) && $_POST["captcha"] != "" && $_SESSION["code"] == $_POST["captcha"]) {
        header('location:admin.php');
        exit();
    } else {
        session_destroy();
        header("location:lgin.php?codeFailed=true&reason=code&user=$username");
        exit();
    }
} else {
    session_destroy();
    header("location:lgin.php?loginFailed=true&reason=login");
    exit();
}
You may want to use else if, just in case you have more conditions to check. It will help if you visually draw a flowchart to see what you really want to achieve and then code it.
The code can be improved a lot, but I guess that's not your primary concern here, so I am leaving that.

Could this pass as a secured lock file?

I made a lock file to see whether people are logged in on certain pages, and I was curious whether it is actually secure enough to put live or if people can easily bypass this lock.
Here is my code currently:
<?php
session_start();
if ((isset($_POST['user'])) && (isset($_POST['pass']))) {
    $_SESSION['user'] = $_POST['user'];
    $_SESSION['pass'] = $_POST['pass'];
}
include("config.php");
if ((isset($_SESSION['user']) && (isset($_SESSION['pass'])))) {
    $sql = "SELECT count(*) FROM `users` WHERE user = :name and pass = :pass";
    $result = $db->prepare($sql);
    $result->bindValue(':name', $_SESSION['user']);
    $result->bindValue(':pass', $_SESSION['pass']);
    $result->execute();
    $number_of_rows = $result->fetchColumn();
    // fetchColumn() may return the count as a string, so cast before the strict comparison
    if ((int) $number_of_rows !== 1) {
        echo "ERROR - USER AND PASS DO NOT MATCH";
    } else { echo "SUCCESS!"; }
} else { echo "YOU NEVER LOGGED IN!"; }
?>
I feel like since it checks the database for a user and password match that there isn't really any way around this but at the same time I'm somewhat new to PHP and don't really know.
You can add this on top of your code.
<?php
session_start();
// redirect when either value is missing (|| rather than &&, so a half-filled session is not let through)
if (empty($_SESSION['user']) || empty($_SESSION['pass']))
{
    header("location:your_login_page.php");
    exit();
}
This code automatically redirects the user to the login page if they try to enter the session or registered-member area.

PHP MYSQL question

I am trying to do a simple login with PHP and mysql, and using Sessions as well. I have the code, which should work in theory, however it keeps redirecting me to the login page (refreshing it) instead of taking me to the profile.
$username = $_POST['username'];
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
    $result2 = mysql_query($query);
    $row = mysql_fetch_row($result2);
    $_SESSION['conf_code'] = $row[0];
    $uid = $row[0];
    session_register($uid);
    header('location:profile.php?conf='.$row[0]);
}
else {
    echo 'Wrong username';
}
no it shouldn't work in theory
try this
<?php
$username = mysql_real_escape_string($_POST['username']);
$query = "SELECT `confirmcode` FROM `fb_network`
          WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query) or trigger_error(mysql_error().$query);
if ($row = mysql_fetch_row($result)) {
    session_start();
    $_SESSION['conf_code'] = $row[0];
    header('Location: profile.php');
    exit;
} else {
    echo 'Wrong username';
}
But there can be other issues, from code you didn't post here or for other reasons.
As a matter of fact, only debugging can tell you for sure what the problem is.
I would use a user defined function and make it check the login credentials and return true or false from the function.
You can use something like this.
function check_login($username, $password) {
    $username = mysql_real_escape_string($username);
    $query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
    $result = mysql_query($query);
    if (mysql_num_rows($result) == 0) {
        return false;
    }
    $row = mysql_fetch_array($result);
    // keep the confirm code in the session so the caller can use it; the redirect is the caller's job
    $_SESSION['loggedin'] = "true";
    $_SESSION['conf_code'] = $row[0];
    return true;
}
And then call the function easily and display the appropriate message.
Check the following code.
<?php
session_start();
/** If the user is already logged in then redirect to login.php **/
if (isset($_SESSION['loggedin'])) {
    header("Location: login.php");
    exit;
}
else {
    if (check_login($_POST['username'], $_POST['password'])) {
        header('location:profile.php?conf='.$_SESSION['conf_code']);
        exit;
    }
}
Although the code is not exact, this might be enough to get you going.
I see that your code has only two options: display "wrong code" or redirect to the other page. There is no place where you are redirecting to the login page?
You need to initiate the session by session_start() before the rest of the code.
If you have any sort of 'test' script on the profile page that re-directs you if you're not logged in, it may be that the above code logs you in, but does not carry the session variable correctly to the profile page...and subsequently sends the user back to log in again.
Make sure the session is properly initiated on each page using the variable and make sure they match on both ends.
You have two main problems:
You are not using session_start to tell PHP to start tracking sessions
You are using session_register. session_register requires register_globals to be on, which it hopefully is not in your environment. It also expects its argument to be a string which is the name of the variable you wish to store. You should instead use $_SESSION['uid'] = $row[0];
You should also read about SQL injection, a very serious and common security flaw that your code exhibits.
Here is a corrected version of your code:
<?php
session_start(); //it's fine to just do this by habit at the top of every page
$username = $_POST['username'];
//I added mysql_real_escape_string - please read about "sql injection", as it is a very serious and common problem!
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '".mysql_real_escape_string($username)."' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
    $result2 = mysql_query($query);
    $row = mysql_fetch_row($result2);
    $_SESSION['conf_code'] = $row[0];
    //not sure if this is what you were going for or not
    $_SESSION['uid'] = $row[0];
    header('location:profile.php?conf='.$row[0]);
}
else {
    echo 'Wrong username';
}
Then in profile.php, to check if someone is logged in:
<?php
session_start();
if (!isset($_SESSION['uid'])) {
    //Not logged in!
    header('Location: login.php');
    exit;
}
if ($_SESSION['uid'] != ($_GET['conf'] ?? '')) {
    //trying to access someone else's page!
    header('Location: login.php');
    exit;
}
