Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
Hi I made this very simple registration page I have 3 files: welcome.php, registration_form.php, and register.php
This is my code for welcome.php
<html>
<body>
<h1>WELCOME!</h1>
<form action="login.php" method="POST">
<p>Username: <input type="text" name="login_username" value=""> </p>
<p>Password: <input type="password" name="login_password" value=""></p>
<p><input type="submit" value="LOGIN" name="login" size="20"></p>
Register for new account
</body>
<html>
This is my code in registration_form.php
<html>
<body>
<h1>Register here</h1>
<form action="register.php" method="POST">
<p>Username: <input type="text" name="register_username" value=""></p>
<p>Password: <input type="password" name="register_password" value=""></p>
<p>Re-type Password: <input type="password" name="register_repassword" value=""></p>
<p>E-mail Address: <input type="text" name="register_email" value=""></p>
<p>Re-type E-mail Address: <input type="text" name="register_reemail" value=""></p>
<p><input type="submit" value="Register" name="register"></p>
</form>
</body>
<html>
This is my register.php
<html>
<body>
<?php
ob_start();
//=======================database variables
$host="localhost";
$db_username="root";
$db_password="";
$db="forum_members";
$db_table="members";
//=======================connect to database
mysql_connect("$host","$db_username","$db_password") or die("Could not connect to the database!");
mysql_select_db("$db") or die("database not found!");
//form variables
$register_user=$_POST['register_username'];
$register_pass=$_POST['register_password'];
$register_repass = $_POST['register_repassword'];
$register_email=$_POST['register_email'];
$register_reemail=$_POST['register_reemail'];
//protect database from MySQL database
$register_user=stripslashes($register_user);
$register_pass=stripslashes($register_pass);
$register_repass=stripslashes($register_repass);
$register_email=stripslashes($register_email);
$register_reemail=stripslashes($register_reemail);
$register_user=mysql_real_escape_string($register_user);
$register_pass=mysql_real_escape_string($register_pass);
$register_repass=mysql_real_escape_string($register_repass);
$register_email=mysql_real_escape_string($register_email);
$register_reemail=mysql_real_escape_string($register_reemail);
//check required fields
if (empty($register_user) || empty($register_pass)) {
echo "Please fill the required fields";
die();
}
if (empty($register_repass) || empty($register_email)) {
echo "Please fill the required fields";
die();
}
if (empty($register_reemail)) {
echo "Please fill the required fields";
die();
}
//check if username has alphanumeric characters only
if (!preg_match("/^[a-zA-Z0-9_]+$/", $register_user) || !preg_match("/^[a-zA-Z0-9_]+$/", $register_pass)) {
echo "Username and Password can only contain alphanumeric characters";
die();
}
//check username and password minimum length
if (strlen($register_user) < 4) {
echo "Username must be more than 4 characters!";
die();
}
if (strlen($register_pass) < 8) {
echo "Password must be at least 8 characters!";
die();
}
if ($register_pass !== $register_repass) {
echo "Your password did not match";
die();
}
if ($register_email !== $register_reemail) {
echo "Your E-mail address did not match";
die();
}
//check duplicate username
$duplicate_user="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_duplicate=mysql_query($duplicate_user);
$duplicate_result = mysql_num_rows($execute_duplicate);
if ($duplicate_result == 1) {
echo "This username is already used";
die();
}
//create MySQL Query
$query_insert="INSERT INTO $db_table(username, password, email) VALUES ('$register_user', '$register_pass', '$register_email')";
//execute MySQL query
$execute_insert=mysql_query($query_insert);
//$execute_insert=mysql_query($query_insert);
//check inserted data
$check_insert="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_insert1=mysql_query($check_insert);
$verify_insert=mysql_num_rows($execute_insert1);
if ($verify_insert==1) {
echo "Registration Successful! You may now login";
}
else {
echo "Registration Failed!";
}
ob_end_flush();
?>
</body>
</html>
My question is how can I use $_SERVER['PHP_SELF'] so that I can merge registration_form.php and register.php? So that I won't be working on multiple files. My goal is to display "Registration successful! You may now login" or "Registration failed" at the same page(preferably at the top) and when a guest didn't enter any information and clicked the 'register' button' it will go back to the registration form as if nothing happens. I tried to look for an answer in google, but it doesn't work.
P.S. I know there are a lot of flaws in my code, please be good. I'm just starting in studying php.
$_SERVER['PHP_SELF'] is for calling form action on same page. so you should give it in form action.
Now what you have done on register.php, simply put on same page with condition if data posted..like if(isset)
put this code in your registration_form.php
<?php
ob_start();
//=======================database variables
$host="localhost";
$db_username="root";
$db_password="";
$db="forum_members";
$db_table="members";
//=======================connect to database
mysql_connect("$host","$db_username","$db_password") or die("Could not connect to the database!");
mysql_select_db("$db") or die("database not found!");
?>
<h1>Register here</h1>
<?php
// To confirm form is submitted
if(isset($_POST['register']))
{
//form variables
$register_user=$_POST['register_username'];
$register_pass=$_POST['register_password'];
$register_repass = $_POST['register_repassword'];
$register_email=$_POST['register_email'];
$register_reemail=$_POST['register_reemail'];
//protect database from MySQL database
$register_user=stripslashes($register_user);
$register_pass=stripslashes($register_pass);
$register_repass=stripslashes($register_repass);
$register_email=stripslashes($register_email);
$register_reemail=stripslashes($register_reemail);
$register_user=mysql_real_escape_string($register_user);
$register_pass=mysql_real_escape_string($register_pass);
$register_repass=mysql_real_escape_string($register_repass);
$register_email=mysql_real_escape_string($register_email);
$register_reemail=mysql_real_escape_string($register_reemail);
//check required fields
if (empty($register_user) || empty($register_pass)) {
echo "Please fill the required fields";
die();
}
if (empty($register_repass) || empty($register_email)) {
echo "Please fill the required fields";
die();
}
if (empty($register_reemail)) {
echo "Please fill the required fields";
die();
}
//check if username has alphanumeric characters only
if (!preg_match("/^[a-zA-Z0-9_]+$/", $register_user) || !preg_match("/^[a-zA-Z0-9_]+$/", $register_pass)) {
echo "Username and Password can only contain alphanumeric characters";
die();
}
//check username and password minimum length
if (strlen($register_user) < 4) {
echo "Username must be more than 4 characters!";
die();
}
if (strlen($register_pass) < 8) {
echo "Password must be at least 8 characters!";
die();
}
if ($register_pass !== $register_repass) {
echo "Your password did not match";
die();
}
if ($register_email !== $register_reemail) {
echo "Your E-mail address did not match";
die();
}
//check duplicate username
$duplicate_user="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_duplicate=mysql_query($duplicate_user);
$duplicate_result = mysql_num_rows($execute_duplicate);
if ($duplicate_result == 1) {
echo "This username is already used";
die();
}
//create MySQL Query
$query_insert="INSERT INTO $db_table(username, password, email) VALUES ('$register_user', '$register_pass', '$register_email')";
//execute MySQL query
$execute_insert=mysql_query($query_insert);
//$execute_insert=mysql_query($query_insert);
//check inserted data
$check_insert="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_insert1=mysql_query($check_insert);
$verify_insert=mysql_num_rows($execute_insert1);
if ($verify_insert==1) {
echo "Registration Successful! You may now login";
}
else {
echo "Registration Failed!";
}
ob_end_flush();
}
?>
<?php // To call form on same page ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<p>Username: <input type="text" name="register_username" value=""></p>
<p>Password: <input type="password" name="register_password" value=""></p>
<p>Re-type Password: <input type="password" name="register_repassword" value=""></p>
<p>E-mail Address: <input type="text" name="register_email" value=""></p>
<p>Re-type E-mail Address: <input type="text" name="register_reemail" value=""></p>
<p><input type="submit" value="Register" name="register"></p>
</form>
</body>
<html>
What is it ?
$_SERVER['PHP_SELF'] is not for calling form action on same page but you can use it this way.
$_SERVER['PHP_SELF'] contains the filename of the currently executing script, relative to the document root. this means if you are in http://domain.com/path/to/file.php then
$_SERVER['PHP_SELF'] would be /path/to/file.php.
How to use it?
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
How to merge then ?
$_SERVER['REQUEST_METHOD'] contains the current request method. i.e. GET, POST, PUT
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
// handle your form submition here
}
?>
<html>
...
<!-- show register form -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
How to avoid the submit due to a refresh of the page ?
redirect user to somewhere else.
header("Location: /path/to/somewhere");
but you don't like files, so redirect user to current url.
header("Location: {$_SERVER['PHP_SELF']}");
All in one:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
// handle your form submition here
// everything is ok.
header("Location: {$_SERVER['PHP_SELF']}");
}
?>
<html>
...
<!-- show register form -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
Related
not returning empty errro in else condition when the username field is empty and inserting data in databse in if condition is working well but when i try to return an error the page goes blank
<?php include "db.php"?>
<?php
if (isset($_POST['submit'])){
global $conn;
$error=array();
$username=$_POST['username'];
if($username==""){
$error="username is empty";
}
if(empty($error)){
$sql="INSERT INTO users (username,password,category)VALUES('$username','$password','$category')";
$res=mysqli_query($conn,$sql);
if($res){
echo "done";
}else{
echo "try again";
}
}else{
return $error;
}
}
?>
<html>
<body>
<fieldset style="width:30%;">
<form action="" method="post" enctype="multipart/form-data">
<label>Username</label>
<input type="text" name="username" placeholder="username" id="username" ><br>
<input type="submit" name="submit" id="submit" value="submit">
</form>
</fieldset>
</body>
</html>
I found so many errors during execution please check the following code.
1) It should be empty($username) instead of $username == '' basically that doesn't matter, it will be work either of the methods
2) you have return $error; which means it will only return print nothing
so you need to use print_r($error) there is no function to return so you can simply print that error on the top of the form.
3) use parameterize query instead of passing variables to query.
if still not working please uncomment that two lines just after php tag and check for the error
one more suggestion I have added for error you can display the errors just after the field like below
Please check for the <span> tag just added after input and style error class as you want like color border etc.
<?php
//error_reporting(-1);
//ini_set('display_errors',true);
include "db.php";
if (isset($_POST['submit'])){
global $conn;
$error=array();
$username=$_POST['username'];
$password=$_POST['password'];
if(empty($username)){
$error['username']="username is empty";
}
if(empty($password)){
$error['password']="password is empty";
}
if(empty($error)){
$sql="INSERT INTO users (username,password,category)VALUES(?, ?, ?)";
if ($stmt = $mysqli->prepare($sql)) {
$stmt->bind_param("sss", $username,$password,$category);
if($stmt->execute())
echo "Done";
else
echo "Try Again!";
}
} else {
//print_r($error);
}
}
?>
<html>
<body>
<fieldset style="width:30%;">
<form action="" method="post" enctype="multipart/form-data">
<label>Username</label>
<input type="text" name="username" placeholder="username" id="username" ><br>
<span class='error'><?=$error['username']?></span></br />
<input type="password" name="password" placeholder="password" id="password" ><br>
<span class='error'><?=$error['password']?></span></br />
<input type="submit" name="submit" id="submit" value="submit">
</form>
</fieldset>
</body>
</html>
Try with this script.
<?php
if (isset($_POST['submit']))
{
global $conn;
$error=array();
$username=$_POST['username'];
if($username == ""){
$error="username is empty";
}else{
$sql="INSERT INTO users (username,password,category)VALUES('$username','$password','$category')";
$res=mysqli_query($conn,$sql);
if($res){
echo "done";
}else{
echo "try again";
}
}
//THIS IS ARRAY SO YOU HAAVE TO PRINT LIKE THIS
print_r( $error);
}
You don't have to need use else statement twice.just check whether error is empty or not and run.
Happy Coding :-)
I have this line of code and I am trying to send an error message if the username password combination don't match, the thing is the message displays when I access the page, even before i enter a username and password. how do I make the message appear ONLY after login failed?
Thanks!!
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
if(($user == "someusername") && ($pass == "somepassword"))
{
include("../securedfile.php");
}
else{
$message = "Invalid User/Password - Please Try Again";
echo "<script type='text/javascript'>alert('$message');</script>";
}
if(isset ($_POST))
{?>
<div class="secure">
<form method="POST" action="secure.php">
username:<input class="user" type="text" name="user"></input><br/><br/>
password:<input class="pass" type="password" name="pass"></input><br/><br/>
<button class="submit" type="submit" name="submit">SUBMIT</span></button>
</form>
</div>
<?}
}
?>
There is the parenthesis problem with the 'else', then the form is calling secure.php instead of calling itself, there's no isset...The rewritten code below would be a better way of doing it. And have checked it, it works. (The name of this whole file - new.php)
<div class="secure">
<form method="POST" action="new.php">
username:<input class="user" type="text" name="user"></input><br/><br/>
password:<input class="pass" type="password" name="pass"></input><br/><br/>
<button class="submit" type="submit" name="submit">SUBMIT</span></button>
</form>
</div>
<?php
// checking the user
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user == "someusername" && $pass == "somepassword")
{
include("../securedfile.php");
}
else
{
$message = "Invalid User/Password - Please Try Again";
echo "<script type='text/javascript'>alert('$message');</script>";
}
}
?>
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I am trying to make a page where a user logs in and they are taken to a personalized page. What I am having problems with is, while the user is still logged in, if they type in the generic url, that they are still logged in and their personalized page is viewable. (Similar to when you are logged into Facebook and it goes straight to your feed if you type in www.facebook.com) I tried using sessions for this, but am having no luck.
<?php
if(isset($_REQUEST['user']) != true) {
?>
<html>
<head>
<title>Welcome</title>
</head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>
If you have an existing account, log in here:<br>
<form name="loginForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /></br>
<input type="submit" value="Login" />
</form>
<br>
<hr>
<br>
Otherwise, if you'd like to create an account, please fill out the following form:<br>
<form name="createAccountForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /><br>
First name: <input type="text" name="fname" /><br>
Last name: <input type="text" name="lname" /><br>
<input type="hidden" name="create" value="true">
<input type="submit" value="Create Account" />
</form>
</body>
</html>
<?php
}
else if(isset($_REQUEST['user']) == true) {
session_start();
if(!isset($_SESSION['uname']))
{
header('location:test.php?redirect='.$_SERVER['REQUEST_URI']);
exit;
}
// personalized page code
}
EDIT:: A solution first for your own existing code. should work fine.
<?php
session_start();
if(isset($_REQUEST['user'])) {
if(isset($_SESSION['uname']))
{
header('location:test.php?redirect='.$_SERVER['REQUEST_URI']);
exit;
}
// personalized page code
} else {
?>
<html>
<head>
<title>Welcome</title>
</head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>
If you have an existing account, log in here:<br>
<form name="loginForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /></br>
<input type="submit" value="Login" />
</form>
<br>
<hr>
<br>
Otherwise, if you'd like to create an account, please fill out the following form:<br>
<form name="createAccountForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /><br>
First name: <input type="text" name="fname" /><br>
Last name: <input type="text" name="lname" /><br>
<input type="hidden" name="create" value="true">
<input type="submit" value="Create Account" />
</form>
</body>
</html>
<?php
}
?>
Here is a login solution of my own (stripped out a bit to be generic) it also includes the code for a PDO query of the database and checking of a password with php's password_hash function. I will point out the code that is specifically relevant to your question:
Assuming that as you are building a login page, and wanting to send users to other parts of the site relevant to their status. I think the whole script is relevant. You can easily swap and change what happens as a result of the session variable values.
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
//start the session before sending any other output
session_start();
require('dbconn.php');
// checks if a session eid has been set, if so, send them to the usercp.
if(isset($_SESSION['eid'])){ header("Location: usercp.php"); } else {
try{
//build a login page
$loginpage ="<html><head><title>Portal Login</title></head><body>";
$loginpage.="<div align=\"center\" id=\"box\">";
$loginpage.="<table><tr><td><img src=\"images/login.jpg\" /></td></tr>";
$loginpage.="<tr><td><div align=\"center\">";
$loginpage.="<font face=\"Courier New, Courier, monospace\">Please enter your email<br /> address and password.</font><br />";
$loginpage.="<br /><form action=\"\" method=\"post\" name=\"login\" ><div align=\"right\">";
$loginpage.="<font face=\"Courier New, Courier, monospace\">Email:</font><input type=\"text\" size=\"40\" name=\"email\" />";
$loginpage.="<br /><br /><font face=\"Courier New, Courier, monospace\">Password:</font><input type=\"password\" size =\"40\" name=\"password\" />";
$loginpage.="<br /></div><br /><input type=\"reset\" value=\"Reset\" /> ";
$loginpage.=" <input name=\"submit\" type=\"submit\" value=\"Login!\" />";
$loginpage.="</form></div></td></tr></table></div></body></html>";
//checks if somebody is trying to login
if(isset($_POST['submit']))
//checks that the username and password have both been filled out if not, show the login page
{ if(!$_POST['email'] || !$_POST['password'])
{
echo $loginpage;
echo "Please enter your login details";
} else { //otherwise search the database for the email address
$db = NEW pdo($dsn, $db_user, $db_pass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$email = $_POST['email'];
$password = $_POST['password'];
$check = $db->prepare("SELECT * FROM employees WHERE email = :email");
$check->bindParam(":email", $email);
$check->execute();
//unset the session variables
unset($_SESSION['eid']);
unset($_SESSION['email']);
unset($_SESSION['userlevel']);
unset($_SESSION['fname']);
//check if the password hash matches php's hash of the password
if(($row = $check->fetch()) && (password_verify($password,$row['password']))) {
// set the session variables
$_SESSION['eid'] = $row['eid'];
$_SESSION['email'] = $row['email'];
$_SESSION['userlevel'] = $row['userlevel'];
$_SESSION['fname'] = $row['fname'];
// if the user's userlevel is higher than 1 give them the option of the admin page
if($row['userlevel'] > "1") {
echo "<center><a href='usercp.php'><h1>User Panel</h1></a><br><br><a href='admin/admincp.php'><h1>Admin Panel</h1></a></center>";
} else { //otherwise send them straight to the usercp
header("Location: usercp.php");
}
} else { //if the email is not found or password is incorrect, show the loginpage again
echo $loginpage;
echo "Login details incorrect, please contact your manager.";
}
}
} else { //if nobody has logged in already, or tried to log in just now, show the login page
echo $loginpage;
}
//pdo error reporting code
} catch (PDOException $e) {
throw $e;
}
}
?>
I'm a beginner at php and I have created a simple login system with php and mysqli for my website however my code wont validate such as "username doesnt exist" and im not sure how to make the account for the user so that it is individual. My code is in 3 files and all linked. connection.php contains session_star(); and connection to the database
Homepage.php - what the form appears on
<?php
include 'login.php';
?>
<section>
<img id="image1" src="homepic.jpg" alt="logo" />
</section>
loginform.php
<link rel="stylesheet" href="homecss.css"/>
<div id="form">
<h2>Login</h2>
<form method="post" action="loginSubmit.php">
User Name: <br/>
<input type="name" name="username" type="text" /><br />
Password: <br/>
<input id="password" name="password" type="password" /><br />
<input type="submit" name="logsubmit" value="Login" />
</form></div>
login.php
<link rel="stylesheet" href="homecss.css"/>
<?php
include './connection.php';
?>
<div id="form">
<?php
if(!isset($_SESSION['authenticatedusername'])){
include './loginform.php';
if (!empty($_POST['username'])) {
echo "Username is required";
}
if (!empty($_POST['password'])) {
echo "Password is required";
}
}
else{
echo 'welcome '. $_SESSION['authenticatedusername'];
echo '<br/> logout ';
echo '<br/> My account ';
//check to see if error message is to be displayed
if (isset($_SESSION['message'])){
echo $_SESSION['message']="login failed";
}
?>
</div>
loginSubmit.php
<?php
include "connection.php";
if(isset($_POST['logsubmit'])){
$user=$_POST['username'];
$pass=$_POST['password'];
$query= "SELECT * FROM users WHERE user_name='$user' AND user_password='$pass'";
$result=mysqli_query($connection, $query);
if ($row = mysqli_num_rows($result) >0){
$_SESSION['authenticatedusername']=$user;
header ("Location: homepage.php");
} else{
echo $_SESSION['message'];
header("Location: homepage.php");
}
}
?>
You are taking wrong condition on empty()
if (!empty($_POST['username'])) { // If username is filled, you are showing error.
echo "Username is required";
}
if (!empty($_POST['password'])) { // If password is filled, you are showing error.
echo "Password is required";
}
Should be
if (empty($_POST['username'])) { // If username is not filled, show error.
echo "Username is required";
}
if (empty($_POST['password'])) { // If password is not filled, show error.
echo "Password is required";
}
This code shall find the error in your MySQL query, as it points there. The error may be caused by unescaped user and pass variables or typo in field name... whatever, it will show you.
<?php
include "connection.php";
if(isset($_POST['logsubmit'])){
$user=mysqli_real_escape_string($connection, $_POST['username']);
$pass=mysqli_real_escape_string($connection, $_POST['password']);
$query= "SELECT * FROM users WHERE user_name='$user' AND user_password='$pass'";
if (!$result=mysqli_query($connection, $query)) {
echo "<div>$query</div>"; //this outputs your query as sent to MySQL
echo "<div>".mysqli_error($connection)."</div>"; // this will output the mysql error
}
if ($row = mysqli_num_rows($result) >0){
$_SESSION['authenticatedusername']=$user;
header ("Location: homepage.php");
} else{
echo $_SESSION['message'];
// header("Location: homepage.php"); //disabled to see the error
}
}
?>
Homepage
Here is my complete code....
Connect.php
$connect = #mysql_connect ($host, $username, $password, $db_name) or die ('error');
$select = #mysql_select_db($db_name, $connect) or die('check');
password .php
//forgot password update
include('C:\wamp\www\header.html');
//check if form has been submitted
include('C:\wamp\www\connect.php');
//connecting to db
$errors = array();
if(isset($_POST['submitted'])) {
if (empty($_POST['username']))
{
$errors[]='Please enter a username.';
}
else
{
$u = mysqli_real_escape_string($connect,trim($_POST['username']));
}
//check for current password
if (empty($_POST['password']))
{
$errors[]='Current password does not match.';
}
else
{
$p = mysqli_real_escape_string($connect,trim($_POST['password']));
}
//check for a new password and match with confirm pass.
if(!empty($_POST['password1']))
{
if($_POST['password1'] != $_POST['cpass'])
{
$errors[] = 'The entered password and confirm password do not match.';
}
else
{
$np = mysqli_real_escape_string($connect,trim($_POST['password1']));
}
}
if(empty($errors)){
//if everything is fine.
//verify the entered email address and password.
$q="SELECT username FROM users WHERE (username='$u' AND password=SHA1('$p'))";
$r=#mysqli_query($connect,$q);
$num = #mysqli_num_rows($r);
if($num==1)
//if it matches.
//get user id
{
$row=mysqli_fetch_array($r, MYSQLI_NUM);
//udpdate query.
$q="UPDATE users SET password= SHA1('$np') WHERE username=$row[0]";
$r=#mysqli_query($connect, $q);
if (mysqli_affected_rows($connect) ==1)
{
echo '<h3>Your password has been updated.</h3>';
}
else {
echo '<h3>Whops! Your password cannot be changed due a system error. Try again later. Sorry</h3>';
echo '<p>' .mysqli_error($connect). 'Query:' . $q.'</p>';
}
exit();
}
else
{
//invalid email and password
echo 'The entered username and password do not match.';
}
}
else
{
//report the errors.
echo '<h1> Err... </h1>
<p> The following error(s) have occured</p>';
foreach ($errors as $msg)
{
echo "--$msg<br />\n";
}
echo '</p><p>Please Try Again.</p><p><br/></p>';
}
mysqli_close($connect);
}
?>
<html>
<head></head>
<body>
<div id="container">
<h1>Change your password</h1>
<form action="password.php" method="post">
Username:<br>
<input type="text" name="username" size="20" maxlength="80" />
<br>
Current Password<br/>
<input type="password" name="password" />
<br/>
New Password<br/>
<input type="password" name="password1" />
<br/>
Confirm New Password<br/>
<input type="password" name="cpass" />
<br/>
<input type="submit" name="submit" value="Change Password"/>
<input type="hidden" name="submitted" value="TRUE"/>
</form>
</div>
<?php
include('C:\wamp\www\footer.html');
?>
http://www.php.net/manual/en/mysqli.real-escape-string.php
mysqli_real_escape_string
Parameters
link
Procedural style only: A link identifier returned by mysqli_connect() or mysqli_init()
escapestr
The string to be escaped.
Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.
The first parameter must be a link identifier and not a string containing the DB name as it seems to be.
first parameter must be a link identifier, a value returned by http://www.php.net/manual/en/function.mysqli-connect.php or http://www.php.net/manual/en/mysqli.init.php
Blockquote