I've got a big issue with my website. I've made a profile page which will allow users to amend their details, and then submit. Upon submitting the details should be updated in the database, however I just get a blank page and nothing happens. I've been up for 30+ hours trying to figure things out but no luck. It's likely to be screwed up, as now is my brain.
Any help would be GREATLY appreciated.
Profile amend page:
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index</title>
<link href="External style sheet layout.css" rel="stylesheet" type="text/css" />
<h1><?php echo date("D M d, Y G:i a"); ?>
<?php $welcome = 'Hi';
if (date("H") < 12) {
$welcome = 'Good Morning';
} else if (date('H') > 11 && date("H") < 18) {
$welcome = 'Good Afternoon';
} else if(date('H') > 17) {
$welcome = 'Good Evening';
}
echo $welcome;
?></h1>
<div class="Login">
<h3><ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
<li>Welcome <?php echo $_SESSION["authenticatedUser"] ?></li>
<li><span>Log Out</span></li>
<?php } else {?> <li><span>Log In</span></li> <?php } ?>
<li>Register</li>
<li>Basket</li>
</ul></h3>
</div>
</head>
<body>
<div id="container">
<div id="header">
<img src="Images/Schurter3.jpg" width="800" height="300" alt="Schurter" />
</div>
<div id="navigation">
<ul id="navbar">
<li>Home</li>
<li>Components
<ul>
<li>Circuit Protection
<li>Connectors</li>
<li>Switches</li>
<li>EMC Products</li>
<li>Other Products</li>
</ul>
</li>
<li>Electronic Manufacturing Services
<ul>
<li>Application Examples</li>
<li>Processes</li>
</ul>
</li>
<li>About</li>
<li>Contact</li>
</ul>
</div>
<?php
include 'db.inc';
//Check to see if a customer ID has been passed in the URL
$memberID = $_GET["memberID"];
// Has a custID been provided? If so, retrieve the customer
// details for editing.
if (!empty($memberID))
{
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
$query = "SELECT * FROM members WHERE id = " . $memberID;
//Get the recordset
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$row = mysql_fetch_assoc($recordSet);
//Check for errors
//if (!$recordSet)
// print $connection->ErrorMsg();
// else
// {
// Load all the form variables with customer data
$Firstname = $row['Firstname'];
$Surname = $row['Surname'];
$Emailaddress = $row['Emailaddress'];
$Username = $row['Username'];
$Password = $row['Password'];
// }//End else
}
?>
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
<input type="hidden" name="memberID" value="<?php echo $memberID;?>">
<label>First name*</label>
<input name="Firstname" placeholder="Enter first name here" value="<?php echo $Firstname;?>" required/>
<label>Surname*</label>
<input name="Surname" placeholder="Enter surname here" value="<?php echo $Surname;?>" required/>
<label>Email*</label>
<input name="Emailaddress" type="email" placeholder="Enter email here" value="<?php echo $Emailaddress;?>" required/>
<label>Username*</label>
<input name="Username" type="text" placeholder="Enter a desired username" value="<?php echo $Username;?>" required/>
<label>Password*</label>
<input name="Password" type="password" placeholder="Enter a desired password" value="<?php echo $Password;?>" required/>
<input id="submit" name="submit" type="submit" value="Update Details">
</form>
</body>
</html>
And this is the update action page:
<?php
require('db.inc');
$memberID = $_GET["id"];
echo $memberID;
// trim the POSTed values - gets rid of unecessary whitespace
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Emailaddress = $_POST['Emailaddress'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
//Here we use validation at the server
// Vaildate the firstname
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Customer Details Error</title></head>
<body bgcolor="white">
<h1>Customer Details Error</h1>
<?=$errorString?>
<br>Return to the customer form
</body>
</html>
<?php
// If we made it here, then the data is valid
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
// this is an update
if (!empty($memberID))
{
$query = "UPDATE members SET ".
"Firstname = '$Firstname', Surname = '$Surname', " .
"Emailaddress = '$Emailaddress', Username = '$Username', Password = '$Password', " .
" WHERE id = $memberID";
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
echo "Your updates are complete!";
}
?>
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
Fix this one to:
<?php
session_start();
if (isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
The first one is wrong, it checks for a username if there is no username then it displays the username else it doesnt.
On-topic:
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
Change the above line to:
<form name="RegisterForm" action="ProfileUpdate.php?id=<?php echo $memberID ?>" method="post" >
As your profileUpdate.php is requesting a member ID, this is necessary and after this, the code should work!
Related
I've been working on a project that has to do with renting houses. Visitors can register or log-in, and only logged-in users can Add a house for rental. Each user has his own profile showing his username, email and accommodations he has uploaded for rental.
My problem is that I cannot retrieve the email of the logged in user. Also, on my MySQL DB I'm using a foreign key in my accom(modation) table, which references the primary key(USER-ID) of the users. The key fails to match the USER-ID.
Any advice would be really helpful. Thank you a lot in advance.
Posting some of the code below:
register.php
<?php include('server.php') ?>
<? php
if (isset($_SESSION['username'])) {
$_SESSION['msg'] = "You're now logged in.";
unset($_SESSION["register.php"];
header('Location: user_index.php');
}
?>
<!DOCTYPE html>
<html>
<link href="https://fonts.googleapis.com/css?family=Eater" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="mystyle.css">
<body>
<p id="pagetitle">Booking Planet </p>
<div class="navbar" id="topnav">
<button onclick="document.getElementById('id01').style.display='block'"
style="width:auto;">Login</button>
<button onclick="document.getElementById('id02').style.display='block'"
style="width:auto;">Register</button>
HOME
</div>
<?php
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT * FROM accom");
echo "<p> </p>";
echo "<div class='acclist'> Explore some fairytale destinations.. </div>";
echo "<ul>";
while($row = mysqli_fetch_array($result))
{
$image=$row['image'];
$target = "images/".basename($image);
echo "<img src='" . $target . "' width=800 height=500/>";
echo "<li id='title'><b>" . $row['title'] . "</b></li>";
echo "<li> Description: <i>" . $row['description'] . "</i></li>";
echo "<li> Address: <i>". $row['address'] . "</i></li>";
echo "<li> Available from: <i>" . $row['checkin'] . "</i></li>";
echo "<li> Available until: <i>" . $row['checkout'] . "</i></li>";
?><button onclick="document.getElementById('id01').style.display='block'"
type='button' class='bookbtn'>Log-in to book now!</button>
<?php
echo "<li><img src='sepline.png' width=1500 height=75> </li>";}
echo "</ul>";
mysqli_close($db);
?>
</div>
<div id="id01" class="modal">
<? php include('errors.php'); ?>
<form action="" method="post" class="modal-content animate" name="login" >
<div class="logocontainer"> Booking Planet
</div>
<h3> Account Log-in. </h3>
<div class="container">
<? php echo $errors; ?>
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password"
required>
<button type="submit" name="login_user">Login</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl1">Cancel</button>
</div>
</form>
</div>
<!-- REGISTRATION -->
<div id="id02" class="modal">
<form action="" method="post" class="modal-content animate" name="register"
>
<div class="logocontainer"> Booking Planet
</div>
<h3> Create an account. </h3>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Name</b></label>
<input type="text" placeholder="Enter your Name!" name="name" required>
<label><b>Surname</b></label>
<input type="text" placeholder="Enter your Surname!" name="surname" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
<label><b>Email</b></label>
<input type="email" placeholder="Enter Email" name="email" required>
<div class="avatar"><label>Select your avatar: </label>
<input type="file" name="avatar" accept="image/*" required />
<button type="submit" name="reg_user">Register</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl2">Cancel</button>
</div>
</form>
</div>
<script src="myscripts.js"></script>
</body>
</html>
user_index.php: is pretty much similar to register.php, it's where people who have registered or logged-in are redirected. I'm posting the beginning of the code.
<?php include('server.php'); ?>
<?phpinclude('auth.php');
session_start();
if ($_SESSION['username']<1) {
session_destroy();
unset($_SESSION['username']);
header("Location: register.php");
}
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT email FROM users WHERE
username='$_SESSION['username']'");
$row = mysqli_fetch_array($result);
$_SESSION['email'] = $result;
$username = $_SESSION['username'];
$_SESSION['id']=$id;
header("Location: server.php");
?>
server.php: contains the validation for registration and logging-in. Also, links to the DB. I will be skipping the validation parts.
<?php
session_start();
$email=$_SESSION['email'];
// initializing variables
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
//...validationon code
//once no errors, register user
if (count($errors) == 0) {
$password = md5($password);//encrypt the password before saving in the
database
$query = "INSERT INTO users (username, email, password, name, surname)
VALUES('$username', '$email', '$password', '$name', '$surname')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}
}
// LOGIN USER
$msg = '';
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND
password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
session_start();
$_SESSION['email']=$row['email'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['id']= $id;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}else {
echo $msg;
}
}
}
auth.php
<?php
session_start();
if(!isset($_SESSION["username"])){
echo $errors; }
?>
For any additional information you might need, please feel free to ask anything.
I am genuinely sorry for the block of text and code.
I am creating a form to connect to a database using PHP. I have the form semi-functional but when I'm trying to test it by pressing the submit button, it says file not found on the webpage.
Here is code for default.php:
<!DOCTYPE HTML> <html> <head>
<title>PHP FORM - 08246 ACW PART 2</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="http://www.w3schools.com/lib/w3.css"> <style> .error {color:
#FF0000;} </style> </head> <body>
<ul class="w3-navbar w3-black w3"> <li>Home</li> <li>Change location to staff member</li> <li>Current location of all staff</li> <li>Edit personal details of staff member</li> <li>List all locations and show list of people in selected location</li> <li>Staff member and list locations for last24 hours</li> </ul>
<div class="w3-container"> <h2> Web Form </h2> </div>
<div class="w3-container"> <?php // defining the variables and setting them to empty values $first_nameErr = $SurnameErr = $usernameErr = $passwordErr = $previous_LocationErr = $current_LocationErr = $dateErr = $timeErr = $dErr = $tErr = ""; $first_name = $Surname = $username = $password = $previous_Location = $current_Location = $date = $time = $dErr = $tErr = "";
//----validation----
//first name if($_SERVER["REQUEST_METHOD"] == "POST"){ if(empty($_POST["first_name"])){ $first_nameErr = "First Name is required"; }else{ $first_name = test_input($_POST["first_name"]); //validation checking if(!preg_match("/^[a-zA-Z ]*$/",$first_name)){ $first_nameErr = "Please enter only letter and white space"; } }
//surname if($_SERVER["REQUEST_METHOD"]=="POST"){ if(empty($_POST["Surname"])){ $SurnameErr="Surname is required"; }else{ $Surname=test_input($_POST["Surname"]); //validation checking if(preg_match("/^[a-zA-Z ]*$/",$Surname)){ $SurnameErr = " Please enter only letters and white spaces"; } }
//date and time date_default_timezone_set('UTC');
$d = str_replace('/',',', '03/05/2016'); $t = str_replace(':',',', '13:38'); $date = $t.',0,'.$d; $fulldate = explode(',',$date); echo '<br>'; $h = $fulldate[0]; $i = $fulldate[1]; $s = $fulldate[2]; $m = $fulldate[3]; $d = $fulldate[4]; $y = $fulldate[5];
echo date("h-i-s-M-d-Y",mktime($h,$i,$s,$m,$d,$y))."<br>"; echo strtotime ("03/05/2016 13:38");
function test_input($data){ $data=trim($data); $data=stripslashes($data); $data=hmtlspecialchars($data); return $data; } ?>
<?php//database
#server info
#$servername = "SQL2008.net.dcs.hull.ac.uk";
#$username = "ADIR\463142";//userid
#$dbname = "rde_463132"; $servername = "SQL2008.net.dcs.hull.ac.uk"; $username = "username"; $myDB = "examples"; $myLocation = "location";
// Create connection $conn = new mysqli($servername, $username, $myLocation); // Check connection if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); }
// Create database $sql = "CREATE DATABASE myDB"; if ($conn->query($sql) === TRUE) {
echo "Database created successfully"; } else {
echo "Error creating database: " . $conn->error; }
$conn->close(); ?>
<p><span class="error">* are required field.</span></p> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> First Name: <input type="text" name="first_name"><br> <span class="error">* <?php echo $First_nameErr;?></span> <br> Surname: <input type="text" name="Surname"><br> <span class="error">* <?php echo $SurnameErr;?></span> <br> Username: <input type="text" name="username"><br> <span class="error">* <?php echo $username;?></span> <br> Current Location: <input type="text" name="current_Location"><br> <span class="error">* <?php echo $current_Location;?></span> <br> Date: <input type="text" name="date"><br> <span class="error">* <?php echo $date;?></span> <br> Time: <input type="text" name="time"><br> <span class="error">* <?php echo $time;?></span> <br>
<input type="submit" name="submit" value="Submit"> </form>
</div> </body> </html>
I am new to this language and still learning.
Any help or advice would be greatly appreciated.
Thank you
What version of PHP you are using to run this script?
As I can see you are using "Register globals" setting to get $_POST data: http://php.net/manual/en/security.globals.php
If you have PHP version 5.4+ you should use $_POST['form_field_name1'] ... $_POST['form_field_nameN'] to get form data.
Add check:
if (!empty($_POST)) { /* Form validation data goes here */ }
File is incorrect, the form action url points to default.php but your filename is defaul.php
Make if default.php instead of defaul.php
For better handling:
In console of your browser, please check the http call, you can see the error it is showing if its a 500 (check logs / enable the debug mode)
I am trying to detect a form click using if(isset($_POST['appSelecter'])){ however it seems to not be returning true. This might be to do with the fact that my button click returns to the same page which would loose the form data i had just populated. Can someone confirm if my assumption is correct and if so - how would i need to change this?
Thanks
tried to only paste a sample piece of code to not confuse matters - seems i have made things worse - here is the full flow
<?php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--META-->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Portal Login</title>
<!--STYLESHEETS-->
<link href="css/style.css" rel="stylesheet" type="text/css" />
<!--SCRIPTS-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<!--Slider-in icons-->
<script type="text/javascript">
$(document).ready(function() {
$(".username").focus(function() {
$(".user-icon").css("left","-48px");
});
$(".username").blur(function() {
$(".user-icon").css("left","0px");
});
$(".password").focus(function() {
$(".pass-icon").css("left","-48px");
});
$(".password").blur(function() {
$(".pass-icon").css("left","0px");
});
});
</script>
</head>
<body>
<!--WRAPPER-->
<div id="wrapper">
<!--SLIDE-IN ICONS-->
<div class="user-icon"></div>
<div class="pass-icon"></div>
<!--END SLIDE-IN ICONS-->
<!--LOGIN FORM-->
<form name="login-form" class="login-form" action="index.php" method="post">
<!--HEADER-->
<div class="header">
<!--TITLE--><h1>Client Portal Login</h1><!--END TITLE-->
<!--DESCRIPTION--><span>Please login to your client portal</span><!--END DESCRIPTION-->
</div>
<!--END HEADER-->
<!--CONTENT-->
<div class="content">
<!--USERNAME--><input name="username" type="text" class="input username" value="Username" onfocus="this.value=''" /><!--END USERNAME-->
<!--PASSWORD--><input name="password" type="password" class="input password" value="Password" onfocus="this.value=''" /><!--END PASSWORD-->
</div>
<!--END CONTENT-->
<!--FOOTER-->
<div class="footer">
<!--LOGIN BUTTON--><input type="submit" name="submit" value="Login" class="button" /><!--END LOGIN BUTTON-->
<!--REGISTER BUTTON--><input type="submit" name="submit" value="Register" class="register" /><!--END REGISTER BUTTON-->
</div>
<!--END FOOTER-->
</form>
<?php
include("application.php");
if(isset($_POST['submit'])){
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
if(isset($_POST['appSelecter'])) {
echo "this is a test message";
}
}
}
function printUserApplicationSelectionForm($applicationsForUser){
echo "<br/>";
echo "<br/>";
echo "<br/>";
echo "<br/>";
foreach ($applicationsForUser as $app) {
?>
<form action="index.php" method="post">
<input type="hidden" name="userid" value="<?php echo $app->getUserid(); ?>">
<input type="hidden" name="name" value="<?php echo $app->getName(); ?>">
<input type="hidden" name="created" value="<?php echo $app->getDateCreated(); ?>">
<input type="hidden" name="invoice" value="<?php echo $app->getInvoice(); ?>">
<input type="hidden" name="comment" value="<?php echo $app->getComment(); ?>">
<input type="submit" name="appSelecter" value="<?php echo $app->getName(); ?>">
</form>
<?php
}
}
function getAppInformation($userid){
$applicationsForUser = array();
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM application WHERE userid = '$userid'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
$index = 0;
while($row = $val->fetch_assoc()){
$userid = $row['userid'];
$name = $row['name'];
$dateCreated = $row['date'];
$invoice = $row['invoiceid'];
$comment = $row['commentsid'];
$application = new Application($userid, $name, $dateCreated, $invoice, $comment);
$applicationsForUser[$index] = $application;
$index++;
}
}
}
$conn -> close();
return $applicationsForUser;
}
function logUserIn($username, $password) {
if(!isset($username) && !isset($password)){
return -1;
}
$result = -1;
//$conn = mysql_connect('localhost', 'web214-admin-ava', 'secondstory');
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
while($row = $val->fetch_assoc()){
$result = $row['id'];
break;
}
}
}
$conn -> close();
return $result;
}
?>
<!--END LOGIN FORM-->
</div>
<!--END WRAPPER-->
<!--GRADIENT--><div class="gradient"></div><!--END GRADIENT-->
</body>
</html>
You have used folowing in the form submit:
onClick="location.href='index.php'" // Making a GET request
This is not submitting the form using POST method. Remove this and it'll work.
Update: There is no submit button with name submit so this condion will not work:
if(isset($_POST['submit']))
Make it:
if(isset($_POST['appSelecter']))
You don't need if(isset($_POST['submit'])) instead use;
if(isset($_POST['appSelecter'])) {
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
}
}
You dont nee this
onClick="location.href='index.php'"
dont do anything , just apply value to button i, i think you have applied already ,
by location.href your request will be send by GET Method in thgis case no form elements sent to the server
if you allow native form submission then all form elements will be sent to server, in case of multiple forms , the only elements sent realted to that submit button form thats it
Hi i have got a sample php login system script. Unfortunately when i enter correct login credentials, it refreshes and remains on the index.php prompting me to login again. My guess is that the seession may not be storing properly.
Please Find the source code below:
index.php
<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="main">
<?php
if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
{
?>
<h1>Member Area</h1>
<p>Thanks for logging in! You are <b><?=$_SESSION['Username']?><b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
<ul>
<li>Logout.</li>
</ul>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please click here to try again.</p>";
}
}
else
{
?>
<h1>Member Login</h1>
<p>Thanks for visiting! Please either login below, or click here to register.</p>
<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
register.php
<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="main">
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
}
else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Register</h1>
<p>Please enter your details below to register.</p>
<form method="post" action="register.php" name="registerform" id="registerform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
<input type="submit" name="register" id="register" value="Register" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
base.php
<?php
session_start();
$dbhost = "MY HOST"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "MY DB"; // the name of the database that you are going to use for this project
$dbuser = "MY DB USER"; // the username that you created, or were given, to access your database
$dbpass = "MYPASSWORD"; // the password that you created, or were given, to access your database
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>
logout.php
<?php include "base.php"; $_SESSION = array(); session_destroy(); ?>
<meta http-equiv="refresh" content="0;index.php">
Please note that the registration is working correctly. its just that when i log in with the correct username and password its accepts but when refreshing asks me to login again. I would like for it to remain on the members area, until the logout is clicked.
Your if condition (in your index.php file) checks if it's empty; that is wrong.
Try this:
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username']))
or
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
instead of
if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
It look like your first condition is not correct.
The condition should be, if not empty then you are logged !!!
so I have this code for my form.
newuser.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="css/styles.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/fonts.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/newuser.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="page" class="container">
<div id="header">
<div id="logo">
<img src="img/minilogo.jpg" alt="" />
<h1>ADMIN</h1>
<span>PERMOHONAN DATA</span>
</div>
<div id="menu">
<ul>
<li class=""><a href="admin.php" >Home</a></li>
<li><a href="new.php" >USER</a></li>
<li><a href="#" >PENYEDIA</a></li>
<li><a href="#" >UPDATE</a></li>
<li><a href="logout.php" >LOG OUT</a></li>
</ul>
</div>
</div>
<div id="main">
<div id="banner">
<img src="img/pic01.jpg" alt="" class="image-full" />
<div id="welcome">Pendaftaran User Baru.
</div>
<div class="title">
<!--untuk form-->
<form class="form" action="submitnew.php" method="post" name="form" >
<ul><li>
</li>
</li>
<li>
<label for="name">Nama :</label>
<input type="text" name="name" required />
</li>
<li>
<label for="tel">No. Telefon:</label>
<input type="text" name="tel" required />
</li>
<li>
<label for="email">E-mail:</label>
<input type="email" name="email" placeholder="name#something.com" required />
<class="form_hint"> <script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
</li>
<li>
<label for="username">Username:</label>
<input type="text" name="username" required />
</li>
<li>
<label for="password">Password:</label>
<input type="password" name="password" required />
<!--<li>
<label for="admin">Admin</label>
<input id="radio1" name="admin" type="radio" class="radio-btn" value="admin" />
</li>-->
<li>
<button class="submit" type="submit">Create</button>
</li>
</ul>
</form>
</body>
</html>
the data will be pass through this,
submitnew.php
<?php
//debug mode
error_reporting(E_ALL);
ini_set('display_errors', '1');
//to show some error is smthng went wrong
$errors = array();
//connect to DB
$connection = mysql_connect('localhost','root','');
$db = mysql_select_db('permohonan_data',$connection);
//will run if user did submit the form
if (!empty($_POST)){
//connect sql server:
$name = $_POST['name'];
$tel = $_POST['tel'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
//no error til here
if (empty($error)){
//prevent SQL injection
$name = mysql_real_escape_string($name);
$tel = mysql_real_escape_string($tel);
$email = mysql_real_escape_string($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
}
//try insert value
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)";
//try
if (!mysql_query($query)){
//
//die(mysql_error());
$errors[] = "Can't insert the values";
}
else {
//on success
header("Location:new.php");
exit();
}
}
?>
the problem is, it won't connect to the database neither redirect to the new.php. it will only display blank page. did I code wrong?
you have error in query(missed the ending quotes in password ):
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)";
should be:
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password')";
and replace this:
if (empty($error)){
by
if (empty(mysql_error())){
for checking mysql error.
and instead of:
//connect to DB
$connection = mysql_connect('localhost','root','');
$db = mysql_select_db('permohonan_data',$connection);
try this:
//connect to DB
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db('permohonan_data',$connection) or die(mysql_error());
Problem is, you are using:
$errors = array();
and $error never gets a value in your code so no query executed :-)
Use this and let me know:
<?php
//debug mode
error_reporting(E_ALL);
ini_set('display_errors', '1');
//connect to DB
$connection = mysql_connect('localhost','root','');
mysql_select_db('permohonan_data',$connection);
//will run if user did submit the form
if (!empty($_POST)){
//connect sql server:
$name = $_POST['name'];
$tel = $_POST['tel'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
//prevent SQL injection
$name = mysql_real_escape_string($name);
$tel = mysql_real_escape_string($tel);
$email = mysql_real_escape_string($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result = mysql_query("INSERT INTO admin (name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)");
if (!empty($result)) {
// check for empty result
if (mysql_affected_rows() > 0) {
$response = $result;
$response["success"] = 0;
$response["message"] = "One row effected";
// echoing JSON response
echo json_encode($response);
} else {
// No profile found
$response["success"] = 1;
$response["message"] = "No row effected";
// echo no users JSON
echo json_encode($response);
}
} else {
// No profile found
$response["success"] = 2;
$response["message"] = "No row effected";
// echo no users JSON
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = -1;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>