I am very new to PHP and I cannot get this if statement to echo when you click submit. My editor isn't showing any errors with the code and it seems to work fine, except for it not echoing the errors.
<html>
<LINK rel='stylesheet' href='style.css' type='text/css'>
<?php
$submit = $_POST['submit'];
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = md5(strip_tags($_POST['repeatpassword']));
$date = date('Y-m-d');
echo $date;
if ($sumbit)
{
if ($username&&$password&&$repeatpassword)
{
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
if(strlen($username)>25)
{
echo 'Length of username must be less than 25 charcters';
}
else
{
if (strlen($password)>25||strlen($password)<6)
{
echo 'Your password must be 6 to 25 characters long';
}
else
{
echo 'Success!';
}
}
}
else
{
echo 'Passwords do not match';
}
}
else
echo 'Fill in all the fields';
}
?>
<form action='register.php' method='POST'>
<table>
<tr>
<td>Username</td><br />
</tr>
<tr>
<td><input type='text' name='username'></td><br />
</tr>
<tr>
<td>Password</td><br />
</tr>
<tr>
<td><input type='password' name='password'></td><br />
</tr>
<tr>
<td>Repeat Password</td><br />
</tr>
<tr>
<td><input type='password' name='repeatpassword'></td><br />
</tr>
</table>
<p>
<input type='submit' name='submit' value='Register'>
</form>
</html>
There is a typo
its
if ($sumbit)
should be
if ($submit)
Add this at the beginning of your code:
ini_set("display_errors", true);
error_reporting(E_ALL);
You have to enable error reporting, its turned off by default afaik. Anyways:
if ($sumbit)
I suppose you want to check if its set. The function in php for that is called isset(), so your code would be:
if(isset($submit)) {}
Try this one, it may help you.
if (isset($_POST['submit']))
{
$submit = $_POST['submit'];
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = md5(strip_tags($_POST['repeatpassword']));
$date = date('Y-m-d');
echo $date;
if ((isset($username))&&(isset($password))&&(isset($repeatpassword)))
{
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
if(strlen($username)>25)
{
echo 'Length of username must be less than 25 charcters';
}
else
{
if (strlen($password)>25||strlen($password)<6)
{
echo 'Your password must be 6 to 25 characters long';
}
else
{
echo 'Success!';
}
}
}
else
{
echo 'Passwords do not match';
}
}
else
echo 'Fill in all the fields';
}
AND For Form use :
<form action='' method='POST'>
<input type='submit' name='submit' value='Register'>
</form>
try this
if(isset($_POST['submit']))
{
if (isset($_POST['username'], $_POST['password'], $_POST['repeatpassword']))
{
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = md5(strip_tags($_POST['repeatpassword']));
instead of
if ($sumbit)
{
if ($username&&$password&&$repeatpassword)
{
your are using sumbit and use submit
if ( !empty($submit) ){
{
there is a md5 of repeatpassword being done twice and md5 of password being done once. so the if condition fails
if ($password==$repeatpassword)
Before if submit condition
$password = strip_tags($_POST['password']);
$repeatpassword = md5(strip_tags($_POST['repeatpassword']));
Inside if submit condition
$password = md5($password);
$repeatpassword = md5($repeatpassword);
Related
<?php
echo "<h1>Register</h1>";
$submit = isset($_POST['submit']);
$fullname = strip_tags(isset($_POST['fullname']));
$username = strip_tags(isset($_POST['username']));
$password = strip_tags(isset($_POST['password']));
$repeatpassword = strip_tags(isset($_POST['repeatpassword']));
$date = date("Y-m-d");
if ($submit)
{
if ($fullname&&$username&&$password&&$repeatpassword)
{
}
else
echo "Please fill in <b>all</b> fields! ";
}
?>
The PHP Code above is the edited code with isset function.
Why is it that echo "Please fill in <b>all</b> fields! "; does not appear after clicking register button?. Any suggestion to run the program successfully?
Before inserting isset() function the code runs successfully. Anyone can explain?
Any Suggestions or any code structure?
I'm trying to create a login-registration system for the office.
Im a newbie in Php.
Included in the code is the full html used.
Thank you
The PHP Code below is the original code that outputs an error:
( ! ) Notice: Undefined index: submit in C:\wamp\www\registerloginsystem\register.php on line 4
( ! ) Notice: Undefined index: fullname in C:\wamp\www\registerloginsystem\register.php on line 6
Notice: Undefined index: username in C:\wamp\www\registerloginsystem\register.php on line 7
Notice: Undefined index: password in C:\wamp\www\registerloginsystem\register.php on line 9
Notice: Undefined index: repeatpassword in C:\wamp\www\registerloginsystem\register.php on line 10
<?php
echo "<h1>Register</h1>";
$submit = $_POST['submit'];
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if ($fullname&&$username&&$password&&$repeatpassword)
{
# code...
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
# code...
// Check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long!";
}
else
//check password length
{
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
// register the user!
}
}
}
else
echo "Your passwords do not match!";
}
else
{
echo "Please fill in <b>all</b> fields! ";
}
}
?>
<!DOCTYPE html>
<html>
<body>
<p>
<form action='register.php' method="POST">
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type="text" name="fullname">
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type="password" name="repeatpassword">
</td>
</tr>
</table>
<p>
<input type="submit" name="submit" value="Register" >
</form>
</body>
</html>
Try use empty(), like so:
<?php
echo "<h1>Register</h1>";
if(!empty($_POST)){
$submit = isset($_POST['submit']);
$fullname = strip_tags(isset($_POST['fullname']));
$username = strip_tags(isset($_POST['username']));
$password = strip_tags(isset($_POST['password']));
$repeatpassword = strip_tags(isset($_POST['repeatpassword']));
}
$date = date("Y-m-d");
if ($submit)
{
if (!empty($fullname) && !empty($username) && !empty($password) && !empty($repeatpassword))
{
}
else
echo "Please fill in <b>all</b> fields! ";
}
?>
<?php
echo "<h1>Register</h1>";
if(!empty($_POST)){
$submit = $_POST['submit'];
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
}
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if (!empty($fullname) && !empty($username) && !empty($password) && !empty($repeatpassword))
{
# code...
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
# code...
// Check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long!";
}
else
//check password length
{
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
// register the user!
}
}
}
else
echo "Your passwords do not match!";
}
else
{
echo "Please fill in <b>all</b> fields! ";
}
}
?>
Your code is not structured well. I'd suggest something like this:
<?php
$submit = isset($_POST['submit']);
if($submit)
{
if(empty($_POST['fullname']) || empty($_POST['username']) || empty($_POST['password']) || empty($_POST['repeatpassword']))
{
echo "Please fill in all fields!";
}else{
/** continue
* with
* registration
**/
//like strip tags in input e.t.c
}
}
?>
This is how you should check whether your form is submitted.
if($_SERVER['REQUEST_METHOD'] == 'POST') {
//form handling code
}
You can check for variables like this if you are using PHP 7 and above
$fullName = $_POST['fullname']?? null;
I don't understand what is wrong with this code, I followed an old tutorial and it might be a bit dated so I'm unsure what is wrong. All the names for the database are correct and the functions should be fine, I have looked at the code for a while and can't see what is wrong.
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
?>
<!DOCTYPE html>
<head>
</head>
<body>
<?php
$form ="<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login'/></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']) {
$user = $_POST['user'];
if ($user) {
if ($password) {
require("connect.php");
$password = md5(md5("fghxjks".$password."HGJDjbCKGC"));
$query = mysql_query("SELECT * FROM userlogins WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = msql_fetch_assoc($query);
$dbuser = $row['username'];
$dbpass = $row['password'];
if ($password == $dbpass) {
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
echo "You have been logged in as <b>$dbuser</b>.";
}
else {
echo "The password you entered is not correct.";
}
}
else {
echo "The username you entered was not found. $form";
}
mysql_close();
}
else {
echo "You must enter your password. $form";
}
}
else {
echo "You must enter your username. $form";
}
}
else {
echo $form;
}
?>
</body>
The $password variable is not set. You should add:
$password = $_POST['password'];
Before if ($password)
Also, $user comes from user input ($_POST['user']). Never put user input directly in a mysql_query, as it makes the query vulnerable to SQL injection. In this case, the attacker won't be able to do much, because mysql_query doesn't support multiple queries. But you should always use mysql_real_escape_string on user input:
$query = mysql_query('SELECT * FROM userlogins WHERE username=\''.mysql_real_escape_string($user).'\'');
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
?>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
$form = "<form action='./log.php' method='POST'>
<table>
<tr>
<td>Username</td>
<td><input type='text' name='name'></td>
</tr>
<tr>
<td>Password</td>
<td><input type='text' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login'></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']) {
$user = $_POST['name'];
$password = $_POST['password'];
if($user) {
if($password) {
require('connect.php');
$password = md5($password)
//make user login info correct
$query = mysql_query("SELECT * FROM users where name= '$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['name'];
$dbpass = $row['password'];
$dbactive = $row['active'];
if($password == $dbpass) {
if($dbactive == 1) {
//set session info
$_SESSION['id'] = $dbid;
$_SESSION['name'] = $dbuser;
echo "You have logged in as <b>$dbname</b> <a href='en/index.html'>Click Here</a> to go on next page";
}
else {
echo "You must activate your account to login. $form";
}
}
else {
echo "You did not enter the correct password";
}
}
else {
echo "The username you entered was not found. $form";
}
mysql_close();
}
else {
echo "Tou must eneter your password. $form";
}
}
else {
echo "Tou must eneter a username. $form";
}
}
else {
echo $form;
}
?>
</body>
</html>
*My registration system instert password on db in md5 format.
but this login form can't find my password and print me problem "You did not enter the correct passsword".
How to sloving this problem?*
Persistently trying to solve the problem but have not been able
It may possible while inserting password into database some white space or other values are inserted alongwith password field. So once again check your inserting code. Use trim befor making password md5 like $password = md5(trim($password)) at both side(for Insert and Select). also note that it is case sensitive. As said in the comment section dont use md5 as it is not that much secure.
I am trying to write the script for resetting password, i have got the putting the token into database, and checking if the token exist in the database, and to the part where i am going to reset the database. But for some reason,it is updating the database where there are no tokens. I am not sure why.... I am very new to coding, hope my code isnt too hard to read and have too much flaws.
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
session_start();
include 'connect.php';
$token = isset($_GET['token'])?$_GET['token']:"";
echo"$token";
$check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
while($row = mysqli_fetch_array($check)){
$email = $row['email'];
}
if (mysqli_num_rows($check)==0)
echo ("Token Doesnt exist");
elseif($_POST) {
//get form data
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password = mysqli_real_escape_string($con,$_POST['password']);
if (!$password){
echo "Please fill out all fields";
}
else if ($password1 !== $password)
{
echo "Password don't match";
}
else
{
echo"$email";
echo"token";
//encrypt password
$password = md5($password);
//check if username already taken
mysqli_query($con,"UPDATE Test SET password = '$password'
where email = '$email';") or die(mysqli_error($con));
//register into database
echo "Added";
}
}
else
{
?>
<form action='ResetPassword.php' method='POST'>
Your new password:<br />
<input type='password' name='password1'><p />
Re-enter your new password:<br />
<input type='password' name='password'><p />
<input type='submit' name='Change Password' value='Change Password'>
</form>
<?php
}
?>
try
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
session_start();
include 'connect.php';
$token = isset($_GET['token']) ? $_GET['token'] : "";
if(!empty($token)) {
$check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
if (mysqli_num_rows($check)> 0) {
$row = mysqli_fetch_array($check)
$email = $row['email'];
}
else {
echo 'Email not found with this Token';
}
}
else {
echo 'Token does not exist';
}
if(!empty($email) && isset($_POST['changepass'])) {
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password = mysqli_real_escape_string($con,$_POST['password']);
if (!$password){
echo "Please fill out all fields";
}
else if ($password1 !== $password) {
echo "Password don't match";
}
else {
//encrypt password
$password = md5($password);
//check if username already taken
mysqli_query($con,"UPDATE Test SET password = '$password' where email = '$email'") or die(mysqli_error($con));
echo "Added";
}
}
if(!isset($_POST['changepass'])){?>
<form action='ResetPassword.php' method='POST'>
Your new password:<br />
<input type='password' name='password1'><p />
Re-enter your new password:<br />
<input type='password' name='password'><p />
<input type='hidden' name='token' value='<?php if(isset($_GET['token'])) echo $_GET['token'];?>'>
<input type='submit' name='changepass' value='Change Password'>
</form>
<?php }
i got a problem on my validation script using php; when the user only fills out username form and emptied the password it still logs the user in it should show the user that the password field is blank error. i'm kinda new to php and i'm hoping you can help me. thanks!
here's my code for checking login
<?php
$usernameErr = $passwordErr = "";
$username = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
else
{$username =($_POST['username']);}
if (empty($_POST['password']))
{$passwordErr = "Password is required.";}
else
{$password =($_POST['password']);}
}
?>
<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}
else if($count==1)
{
header("location:main.php");
}
else
{
echo "Wrong username or password";
}
?>
Before anyone moans, I'm not replacing mysql with mysqli/PDO to answer the question. Yes it's wrong that it's used but it's not related to the question.
Correct model: if (there is not an error) { log the person in } else { do something else}.
Your model: check for errors. log the user in anyway.
This is what you're doing now
// checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
// blah blah check check check
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc
But what you need to do is this:
// check for errors and store them
$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
$errors['usernameErr'] = "Username is required."; // add an error
}else{
$username =($_POST['username']);
}
if (empty($_POST['password'])){
$errors['passwordErr'] = "Password is required."; // add an error
}else{
$password =($_POST['password']);
}
// etc etc
// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// etc etc
}else{
// if there were errors do something else
echo implode("<br />", $errors); // output the errors however you like
}
Try this for a start
<?php
/* validate form first */
if (!empty($_POST['username']))
{ $username = $_POST['username'];
}
else{ echo "Username is required."; }
if (!empty($_POST['password']))
{ $password = $_POST['password'];
}
else{ echo "password is required."; }
/* Do the queries second i.e */
SELECT * FROM Persons WHERE username='' AND password ='';
?>
hi,You should describe your question clearly,I have read your code and checked it ,when i not fills out password,it was really display Password is required.
general validation method is as follows:
if(empty($_POST['username'])){
$usererror = '...';
return false;
}else{
$username = $_POST['username'];
}
if(empty($_POST['password'])){
$passerror = '...';
return false;
}else{
$password = $_POST['password'];
}
The best way to handle error validation is to use same variable, especially if you have many input form data
$username = $_POST['username'];
$password = $_POST['password'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($username == '') {
$error_msg[]= 'Username is required';
} else if ($password == '') {
$error_msg[]= 'Password is required';
}
}
if (!empty($error_msg)) {
$ERROR_MSG = implode($error_msg);
exit;
}