Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm trying to dislplay a "welcome, username !" , but it's always dislaying "not working".
How can i fix this ?
This is the index_l.php page content:
<?php
if(isset($_SESSION['username']) && $_SESSION['username']) {
echo "Welcome, ".$_SESSION['username']."!";
}
else{
echo "not working";
}
?>
This is the login script:
<?php
include('connect.php');
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
$_SESSION['username'];
$_SESSION['loggedin'] = true;
header("location:index_l.php");
}
else {
echo "Problem";
}
?>
Your code doesn't work because $_SESSION['username'] doesn't have a value:
$_SESSION['username'];
You might want to set it the value of $username:
$_SESSION['username'] = $username;
session variable does not have a value.
$_SESSION['username']
Also,
You have to add
session_start();
at the very beginning in both files index_l.php and login script
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 11 months ago.
Improve this question
I have created a login page for my website using PHP. For the validation, I would like error messages to display if the username doesn't exist, if the password is wrong or if the user hasn't entered one or the other. Most of my validation works except validating if the password is correct. The code I used is below. I believe the problem is with the password_verify if statement. The error message prompting the user that the password is incorrect is appearing even when the password is correct.
<?php
// Initalise session
session_start();
//Check if the user is already logged in, if yes then redirect to members page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: members.php");
exit;
}
//Include config file
require_once "config.php";
//Define variables and initalise with empty values
$username = $password = "";
$username_err = $password_err = "";
//Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
//Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Please enter your username.";
} else{
$username = trim($_POST["username"]);
}
//Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
//Validate credentials
if(empty($username_err) && empty($password_err)){
//Prepare a select statement
$sql = "SELECT username, password FROM users WHERE username = ?";
if($stmt = $mysqli->prepare($sql)){
//Bind variables to the prepared statement as parameters
$stmt->bind_param("s", $param_username);
//Set parameters
$param_username = $username;
//Attempt to execute the prepared statement
if($stmt->execute()){
//Store result
$stmt->store_result();
//Check if username exists, if yes then verify password
if($stmt->num_rows == 1){
//Bind result variables
$stmt->bind_result($username, $password);
if($stmt->fetch()){
if(password_verify($password, $_POST['password'])){
//Password is correct, so start a new session
session_start();
//Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
//Redirect user to members page
header("location: members.php");
} else {
//Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}
} else{
//Display an error message if username doesn't exist
$username_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
//Close statement
$stmt->close();
}
}
//Close connection
$mysqli->close();
}
?>
You have your variables flip-flopped:
if(password_verify($password, $_POST['password'])){
should be
if(password_verify($_POST['password'], $password)){
NOTES
It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.
Password hashes in PHP are at least 60 characters long, make sure the column where you're storing the password is larger in order to handle future hashing algorithms. VARCHAR(255) or TEXT have enough storage to accommodate future hashes.
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
I am having great problem fixing this issue here and i am not very familiar with php. I don't see any problem missing in the code. I have searched and spent a really long time on this. However, it just keeps changing from one to another issue. the error that appears looks like this,
Undefined variable: password in /home2/abdi/public_html/phpinfo.php/login files/login.php on line 19
here is the actual code
<?php error_reporting(E_ALL); ini_set('display_errors', 1); session_start(); //connect to database $db=mysqli_connect("localhost","abdi_yae","abdi_yae123","abdi_ya"); if(isset($_POST['login_btn'])) { addslashes(trim($_POST['username'])); addslashes(trim($_POST['password'])); //$username=mysqli_real_escape_string($_POST['username']); // $password=mysqli_real_escape_string($_POST['password']); $password=md5($password); //Remember we hashed password before storing last time $sql="SELECT * FROM users WHERE username='$username' AND password='$password'"; $result=mysqli_query($db,$sql); if(mysqli_num_rows($result)==1) { $_SESSION['message']="You are now Logged In"; $_SESSION['username']= $username; header("location:home.php"); } else { $_SESSION['message']="Username and Password combiation incorrect"; } } ?>
You need to set password variable for this.
$password = $_REQUEST['pass_text_name'];
<?php error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start(); //connect to database
$db=mysqli_connect("localhost","abdi_yae","abdi_yae123","abdi_ya");
if(isset($_POST['login_btn'])) {
$username = addslashes(trim($_POST['username']));
//addslashes(trim($_POST['password']));
//$username=mysqli_real_escape_string($_POST['username']);
// $password=mysqli_real_escape_string($_POST['password']);
$password=md5($_POST['password']); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
if(mysqli_num_rows($result)==1)
{
$_SESSION['message']="You are now Logged In";
$_SESSION['username']= $username;
header("location:home.php");
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
Check Now Buddy. It's Done
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
I keep on getting this error:
Failed to connect to MySQL: Access denied for user 'root'#'localhost' (using password: XXX)
I am using mamp server to run my web server. why do i get this error? everything looks fine to me but it denys me access.
here is my code:
<?php
$servername = "localhost";
$dbname = "dbtechnerdzzz";
$user = "root";
$password = "";
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['form-username']) || empty($_POST['form-password'])) {
$error = "Username or Password is invalid";
}
else
{
$connection=mysqli_connect($servername, $user, $password, $dbname);
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// To protect MySQL injection for Security purpose
$username = mysqli_real_escape_string($connection,$_POST['form-username']);
$password = mysqli_real_escape_string($connection,$_POST['form-password']);
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection,"select * from accounts where Password='$password' AND Username='$username'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $username; // Initializing Session
header("location: profile.php"); // Redirecting To profile Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
header("location: signin.php"); // Redirecting To login Page
}
}
?>
mamp's Default password is root.
Change your configuration like this.
$servername = "localhost";
$dbname = "dbtechnerdzzz";
$user = "root";
$password = "root";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
EDIT: There are invisible spaces after the PHP tag. I removed them, and it's now working.
So I have this website project that was built for 4 weeks.
THE LOGIN FORM HERE IS WORKING.
This is the code for the login.php
<?php
session_start(); // Starting Session
$error='';
if (isset($_POST['ComeIn'])) { //NAME OF THE BUTTON CLIKED
if (empty($_POST['email']) || empty($_POST['pwd'])) { //IF EMPTY
$error = "Username or Password is invalid";
}
else
{
$username=$_POST['email'];
$password=$_POST['pwd'];
include ('connection.php');
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * from user_account where Password='$password' AND Email='$username'", $connection);
$row1= mysql_fetch_array($query);
$rows = mysql_num_rows($query);
if ($rows == 1) { //IF OK
if ($row1['AccType'] == "Teacher")
{
$_SESSION['login_user']=$username; // Initializing Session
header("location: teachers/teacherprofile.php"); // Redirecting To Other Page
}
else if ($row1['AccType'] == "Student")
{
$_SESSION['login_user']=$username; // Initializing Session
header("location: students/studentprofile.php"); // Redirecting To Other Page
}
else
{
echo ("<script language = 'Javascript'>
window.alert('Incorrect Input!')
window.location.href='index.php'
</script>");
}
} else
{
echo ("<script language = 'Javascript'>
window.alert('Incorrect Input!')
window.location.href='index.php'
</script>");
}
}
mysql_close($connection);
}
?>
But this admin login form is not working and it has almost the same code. It's not going anywhere. It's just going to login2.php and none of the PHP functions are working. Below is the login2.php:
<?php
session_start(); // Starting Session
$error='';
include ('connection.php');
if (isset($_POST['login'])) { //NAME OF THE BUTTON CLIKED
if (empty($_POST['aemail']) || empty($_POST['apwd'])) { //IF EMPTY
$error = "Username or Password is invalid";
}
else //TEXTFIELDS NOT EMPTY
{
$username=$_POST['aemail'];
$password=$_POST['apwd'];
include ('connection.php');
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * from service_account where CS_Password='$password' AND CS_Email='$username'", $connection);
$row1= mysql_fetch_array($query);
$rows = mysql_num_rows($query);
if ($rows == 1) { //IF OK
if ($row1['SA_Type'] == "Admin")
{
$_SESSION['login_user']=$username; // Initializing Session
header("location: admin/admin_dashboard.php"); // Redirecting To Other Page
}
else if ($row1['SA_Type'] == "Customer Service")
{
$_SESSION['login_user']=$username; // Initializing Session
header("location: cservice/cs_inquiry.php"); // Redirecting To Other Page
}
else
{
$error = "Username or Password is invalid";
header("location: login_csa.php");
}
} else
{
$error = "Username or Password is invalid";
header("location: login_csa.php");
}
mysql_close($connection);
}
}
?>
Im debugging this for two days now. THe weird part is, When I tried to use the system in localhost, it's perfectly working. When I put it in iPage.com, that happens. Any suggestions?
This is a common occurrence and is called "The White Screen of Death".
You should turn on error reporting at the top of your script to figure out what the issue is, that's causing this!
<?php
ini_set('display_errors', 1);
error_reporting(-`);
Note: This is almost always because output was sent to the browser before you tried to start a session or do something.
The above will tell you exactly what the issue was, and in your case it did. Stating:
Warning: session_start(): Cannot send session cache limiter - headers
already sent (output started at
/hermes/bosoraweb126/b1216/ipg.meteacherscom/login2.php:2) in
/hermes/bosoraweb126/b1216/ipg.meteacherscom/login2.php on line 4
Now if you didn't have anything echo'ing to the screen before you started the session, then your issue would have to be some invisible characters within your PHP script.
If that's your case (which it seems, was), then you should follow this answer below to remove those invisible characters (bad encoding). Your script will run again properly.
Clean source code files of invisible characters
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I have the following code to sign up and it hashes the password which i can see in the database is successfully hashed
function newUser() {
$forename = $_POST['forename'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$securityq = $_POST['securityq'];
$securitya = $_POST['securitya'];
$password = $_POST['password'];
$hash = password_hash ($password, PASSWORD_BCRYPT );
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$hash')";
$data = mysql_query ($query)or die(mysql_error());
if($data)
{
}
}
and the following is code is for my sign in page:
$email = $_POST['email'];
$password = $_POST['pass'];
function SignIn()
{
session_start();
if (!empty($_POST['email']))
{
$query = mysql_query ("SELECT * FROM admin where email = '$_POST[email]' AND password = '$_POST[pass]'");
$row = mysql_fetch_array ($query);
if(!empty($row['email']) AND !empty($row['password']))
{
$_SESSION['email'] = $row['password'];
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Successful Login')
window.location.href='adminhome.php';
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Invalid Login Credentials')
window.location.href='adminsignin.php';
</SCRIPT>");
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
But I can't sign in at all with the password.
I've fiddled around with the sign in code but cannot find what I need to change to fix this issue,
many thanks, in advance.
You never hash the password provided by the login form, so you're doing
if (real password == hashed string)
which will never match. You need something more like
$hash = password_hash ($_POST['password'], PASSWORD_BCRYPT );
$sql = "SELECT ... WHERE hash='$hash'";
And of course, you have gaping wide open SQL injection attack vulnerabilities, so your login form is utterly useless.
It is not possible to search for a hashed password with an SQL statement, because the hash is salted. Instead you can read the hash from the database, and afterwards check whether the hash matches the provided password:
SELECT password FROM admin where email = ?
With this hash from the database you can verify the password:
$isPasswordCorrect = password_verify($_POST[pass], $existingHashFromDb);