I am working on this registration system where I have a captcha control at the end. I have error reporting included, no error appears. Output page says capcha successfull. While I can see in DB no data being inserted..
Form:
<h2>Registration Form</h2>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
PHP:
include 'db_connect.php';
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
if ($username=='')
{
echo 'Please choose an username for yourself.';
exit();
}
if ($password1=='')
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if ($password2=='')
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if ($name=='')
{
echo 'Please enter your first and the last name.';
exit();
}
if ($phone=='')
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if ($email=='')
{
echo 'Please enter your email address.';
exit();
}
//duplicate Entry Validation
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
//Data Insertion
$query = "insert into users (username,password,name,phone,email) value ('$username','$password1','$name','$phone','$email')";
if(mysql_query($query)) {
echo "Registration Successfull";
}
}
//Captcha Validation
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
?>
MySQL is deprecated already, you should use MySQLi instead. Try this:
PHP:
<?php
/* ESTABLISH CONNECTION */
session_start();
$con=mysqli_connect("YouHost","YouUsername","YourPassword","YourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
if (isset($_POST['register'])) { /* THIS SHOULD BE register, BECAUSE YOU NAMED YOUR SUBMIT BUTTON register, NOT submit */
$username = mysqli_real_escape_string($con,$_POST['username']);
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password2 = mysqli_real_escape_string($con,$_POST['password2']);
$name = mysqli_real_escape_string($con,$_POST['name']);
$phone = mysqli_real_escape_string($con,$_POST['phone']);
$email = mysqli_real_escape_string($con,$_POST['email']);
/* YOU SHOULD PRACTICE USING ESCAPE_STRING TO PREVENT SOME OF SQL INJECTIONS */
if (empty($username))
{
echo 'Please choose a username for yourself.';
exit();
}
if (empty($password1))
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if (empty($password2))
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if (empty($name))
{
echo 'Please enter your first and the last name.';
exit();
}
if (empty($phone))
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if (empty($email))
{
echo 'Please enter your email address.';
exit();
}
/* duplicate Entry Validation */
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysqli_query($con,$check_email);
if(mysqli_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
/* Data Insertion. YOU SHOULD ALSO CONSIDER IF THE PASSWORD 1 AND 2 ARE THE SAME */
if($password1==$password2 && !empty($username) && !empty($name) && !empty($phone) && !empty($email)){ /* IF PASSWORD1 IS THE SAME WITH PASSWORD2 */
/* INSERT QUERY */
$query = mysqli_query($con,"INSERT INTO users (username,password,name,phone,email) VALUES ('$username','$password1','$name','$phone','$email')");
echo "Registration Successfull";
} /* END OF IF PASSWORD1 IS EQUALS TO PASSWORD2 */
else {
echo "Alert('Password is not the same.')";
exit();
}
/* Captcha Validation */
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
} /* END OF ISSET SUBMIT */
?>
Your HTML file:
<html>
<body>
<h2>Registration Form</h2>
<form action='YourPHPFile' method='POST'>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
</form>
</body>
</html>
Related
The PHP script supposed to receive two variables : username and password but it doesn't do that and it always "echo" : "missing input".
I tried to echo the two variables but nothing was echoed, which i think means that they are not initialized.
This is the script:
require_once ('connect.php');
$username= $_POST['username'];
$password= $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!empty($username) && !empty($password)) {
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if(mysqli_query($con,$query)) {
echo "Welcome";
mysqli_close($con);
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
else {
echo "missing input";
}
I tried sending the post data using Postman and via HTML page but both returned the same thing: "missing input"
This is the HTML i used
<form action="mlog.php" method="post">
<input type="textbox" name="username" value="username" />
<input type="textbox" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
its <input type="text">
<form action="mlog.php" method="post">
<input type="text" name="username" value="username" />
<input type="text" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
Check if the login button was clicked, then check if the username and password are not empty then assign the vars to them if not.
<?php
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username= $_POST['username'];
$password= $_POST['password'];
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if($r) {
echo "Welcome";
//redirect
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
?>
I created a sign up page for my website in php . In my code I put if the username , password confirm password and/or email is empty it would give then an error , which it does , but it still says that the user was created . I don't want that to happen . If any of the user fields are empty I want them to go back to the sign up page and fill out the missing fields . All it does is give the echo statement and then it says user was created .
sign up.php:
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post" action="process2.php">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up.<br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
?>
Process2.php:
<?php
include("db.php");
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up. <br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
So basically what I tried is putting the if the fields are empty statements before the code that sends the information to the database it doesn't work . I tried putting it after the code that sends the information to database it didn't work . I also tried putting it on the sign up page but it didn't work either .
What I want to happen is if any of the fields are empty nothing will be sent to the database . Can someone help me ?
update :
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])) {
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
include("db.php");
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (($_POST['submit'])){
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
I would place some of the signup and process code in the same page like this in signup.php (notice I have also removed the "action" code from the form tag:
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])){
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (!empty($_POST['submit'])){
//place most of the code from your process.php code here
echo "processing";
}
firstly check your connection to the database also check your users table if the field is nullable if it so then you might wanna put some try-catch block on your code to see the errors.
You need to redirect to signup.php when validation fails..For this you can check the input and if either of it empty then you can redirect in process2.php as:
if(empty($username) || empty($pw) || empty($pw2) || empty($email))
{
header( "refresh:5;url=signup.php" );
} else {
//You can do your things here..
}
At first, I apologize for the mess of code.
I am new to PHP and I was watching a video and practicing update the password and confirmation. I was able to pass the e-mail validation(empty), however once I tried to submit password and new password along with, it kept showing that I did not fill in the password and the new password.
Could someone help me to review my code? Thank you very much.
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
include ('connection.php');
$errors = array();
if (empty($_POST['email']))
{
$errors[] = 'Require your email! ';
}
else
{
$e = mysqli_real_escape_string($dbc, trim($_POST['email']));
}
if (empty($_POST['password']))
{
$errors[] = 'Require your password!';
}
else
{
$p = mysqli_real_escape_string($dbc, trim($_POST['password']));
}
if (!empty($_POST['newpass']))
{
if ($_POST['newpass'] != $_POST['conpass'])
{
$errors[] = "Your new password does not match the confirmed password!";
}
else
{
$np = mysqli_real_escape_string($dbc, trim($_POST['newpass']));
}
}
else
{
$errors[] = 'You forgot to enter your new password!';
}
if(empty($errors))
{
$q = "SELECT id FROM users WHERE (email='$e' AND password='$p')";
$r = mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if($num == 1)
{
$row = mysqli_fetch_array($r, MYSQLI_NUM);
$q = "UPDATE users SET password='$np' WHERE id = '$row[0]'";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1 )
{
echo "You have succesfully update your password.";
}
else
{
echo "Your password could not be changed due to a system error, please try again.";
}
mysqli_close($dbc);
}
else
{
echo "The Email and the password were in correct.";
}
}
else
{
echo "Error! The following error(s) occured: <br />";
foreach($errors as $msg)
{
echo $msg."<br />";
}
}
}
?>
<h1>Change Password</h1>
<form action="update.php" method="post">
<p>Email: <input type="text" name="email" size="20" maxlenght="30" value="<?php if(isset($_POST['email'])){echo $_POST['email'];} ?>" /></p>
<p>Current Password: <input type="password" name"password" size="20" maxlength="30" value="<?php if(isset($_POST['password'])){echo $_POST['password'];} ?>" /></p>
<p>New Password: <input type="password" name"newpass" size="20" maxlength="30" value="<?php if(isset($_POST['newpass'])){echo $_POST['newpass'];} ?>" /></p>
<p>Confirm Password: <input type="password" name"conpass" size="20" maxlength="30" value="<?php if(isset($_POST['conpass'])){echo $_POST['conpass'];} ?>" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
</form>
You have syntax errors in your HTML code.
You missed = signs at these lines:
<input type="password" name"password" ...
should be <input type="password" name = "password"
<input type="password" name"newpass" ...
should be <input type="password" name = "password"
<input type="password" name"conpass" ...
should be <input type="password" name = "conpass"
The name tag is important for GET and POST methods. Thats what allows data to be sent from the input fields to the server.
OK, here is updated version of your code:
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
include ('connection.php');
$errors = array();
$email=trim($_POST['email']);
$password=trim($_POST['password']);
$newpass=trim($_POST['newpass']);
$conpass=trim($_POST['conpass']);
if (empty($email)) {
$errors[] = 'Require your email! ';
} else {
$e = mysqli_real_escape_string($dbc, $email);
}
if (empty($password)) {
$errors[] = 'Require your password!';
} else {
$p = mysqli_real_escape_string($dbc, $password);
}
if (!empty($newpass)) {
if ($newpass != $conpass){
$errors[] = "Your new password does not match the confirmed password!";
} else {
$np = mysqli_real_escape_string($dbc, $newpass));
}
} else {
$errors[] = 'You forgot to enter your new password!';
}
if(empty($errors)){
$q = "SELECT `id` FROM `users` WHERE (`email` LIKE '$e' AND `password` LIKE '$p') LIMIT 0, 1";
$r = mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if($num == 1){
$row = mysqli_fetch_array($r, MYSQLI_NUM);
$q = "UPDATE `users` SET `password` LIKE '$np' WHERE `id = '$row[0]'";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1 ){
echo "You have succesfully update your password.";
} else {
echo "Your password could not be changed due to a system error, please try again.";
}
mysqli_close($dbc);
} else {
echo "The Email and the password were in correct.";
}
} else {
echo "Error! The following error(s) occured: <br />";
foreach($errors as $msg){
echo $msg."<br />";
}
}
}
First before empty() check you need to trim() POST's, Also in MySQL query strings you need to search with LIKE for password and email, not = becouse that is string not integer.
Also:
<p>Email: <input type="text" name="email" size="20" maxlenght="30" value="<?php if(isset($_POST['email'])){echo $_POST['email'];} ?>" /></p>
<p>Current Password: <input type="password" name="password" size="20" maxlength="30" value="<?php if(isset($_POST['password'])){echo $_POST['password'];} ?>" /></p>
<p>New Password: <input type="password" name="newpass" size="20" maxlength="30" value="<?php if(isset($_POST['newpass'])){echo $_POST['newpass'];} ?>" /></p>
<p>Confirm Password: <input type="password" name="conpass" size="20" maxlength="30" value="<?php if(isset($_POST['conpass'])){echo $_POST['conpass'];} ?>" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
You forgot to put = after name attributes.
I'm new to using PDO's and I'm having trouble with my code. I found out how to insert the user's information into the database but I cannot figure out how to login with the same registered information. Any advice would be great
The registration form
<?php
session_start();
$dbh=new PDO("mysql:host=localhost;dbname=csci409_starter","root","root");
$fields = array(
'first_name'=>'First Name',
'last_name'=>'Last Name',
'email'=>'Email',
'password'=>'Password',
);
//If the form has been submitted, validate it.
if(isset($_POST['submit'])){
//Create an array to hold the values we want to insert.
$values = array();
//For each of the fields we want, check if the field was posted, and if so trim it and use it. Otherwise use NULL.
foreach($fields AS $field=>$label){
//This line is using the ternary operator, it's basically a shorthand if/else assignment.
$values[$field] = isset($_POST[$field]) ? trim($_POST[$field]) : NULL;
}
$errors = array();
/*First and Last Names are required. strlen will return the string's length */
if(!isset($values['first_name']) || !strlen($values['first_name'])){
$errors['first_name'] = 'Please Enter a First Name';
}
if(!isset($values['last_name']) || !strlen($values['last_name'])){
$errors['last_name'] = 'Please Enter a Last Name';
}
//If there are any errors, display the form again. Otherwise, insert the data
if(!count($errors)){
$sql = "INSERT INTO googlereaderreplacement.users (first_name, last_name, email, password)
VALUES (?, ?, ?, ?)";
$stmt = $dbh->prepare($sql);
/* array_values() will pull just the array's values, without the string keys.
The positional placeholder requires a numeric key. */
$result = $stmt->execute(array_values($values));
}
}
?>
<style>
label{
display: block;
margin: 5px 0;
}
.error{
font-weight: bold;
color: #BB0000;
}
</style>
<?php
//If the form was submitted and an insert was attempted, display a message.
if(isset($result)){
if($result){
echo '<b>Successfully Inserted!</b>';
}else{
echo '<b>Unable to Insert</b>';
print '<pre>'.print_r($stmt->errorInfo(), true);
}
}
?>
<h1>Insert Contact</h1>
<form action="register.php" method="post">
First Name: <input type="input" name="first_name" id="first_name" value="" />
<br/>
Last Name: <input type="input" name="last_name" id="last_name" value="" />
<br/>
Email (Username): <input type="text" name="email" id="email" value="" />
<br />
Password: <input type="password" name="password" id="password" value="" />
<br />
Confirm Password: <input type="password" name="password2" id="password2" value="" />
<br />
<input type="submit" value="Register" name="submit" id="submit" />
</form>
<form action="index.php">
<input type="submit" value="Return to Main page">
</form>
The Index Page
<?php
session_start();
if(isset($_SESSION['name'])){
echo 'Welcome back '.$_SESSION['name'], 'Logout';
} else {
echo 'Login<br />
Register';
}
?>
and the login page
<?php
session_start();
$error = NULL;
// form login logic here
if(isset($_POST['submit']))
{
$valid = TRUE;
// form validation goes here
// assumed valid
if($valid)
{
$safe_email = mysql_real_escape_string($_POST['email']);
$safe_password = sha1($_POST['password']);
$sql = "SELECT id, created, first_name, last_name, email, level FROM users WHERE email = '$safe_email' AND password = '$safe_password'";
// echo $sql;
require_once "_db_connect.php";
$results = mysql_query($sql, $db);
$row = mysql_fetch_assoc($results);
// echo '<pre>';
// print_r($row);
// echo '</pre>';
$_SESSION['first_name'] = $_SESSION['name'] = $row['first_name'];
$_SESSION['email'] = $row['email'];
$_SESSION['level'] = $row['level'];
$_SESSION['id'] = $row['id'];
header("Location: index.php");
}
}
// look for messages
if(isset($_GET['msg']))
{
switch($_GET['msg'])
{
case 1:
echo '<h2>Please login below!</h2>';
break;
}
}
$title = "Login";
$h1 = "Login Below";
?>
<!-- content -->
<form action="login.php" method="post">
<?php
echo $error;
?>
Email (Username): <input type="text" name="email" id="email" value="" />
<br />
Password: <input type="password" name="password" id="password" value="" />
<br />
<input type="submit" value="Login" name="submit" id="submit" />
</form>
I am currently coding pages for a social network (it's only going to run locally) for my senior project and I am running in to these redirect errors that I have no clue on how to solve. There are around three pages that have the 'header('location:...') code in it. I didn't know what it would do at the different levels of coding so I put all of the coding with an equal amount of indention.
index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
$u_check = ""; //Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["user_password"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form>
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" />
<input type="password" size="25" name="user_password" id="user_password" placeholder="password" /><br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/mysql_connect.inc.php");
// starts the session
session_start();
// checks whether the user is logged in or not
$user = $_SESSION["user_login"];
if (!isset($_SESSION["user_login"])) {
header("location: index.php");
exit();
}
else
{
header("location: home.php");
exit();
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
home.php
<?
session_start();
$user = $_SESSION["user_login"];
//If the user is not logged in
if (!isset($_SESSION["user_login"])) {
header('location: index.php');
exit();
}
else
{
//If the user is logged in
echo "Hi, $user, You're logged in<br />Welcome to what is soon to be your NEWSFEED";
}
?>
You've got a catch-22 in your code:
index.php includes your function library
the function library checks for the existence of that session variable.
if the variable doesn't exist, redirect to index.php
e.g. you've written a very complicated version of the classic BASIC 10 GOTO 10.