This question already has answers here:
How can I get useful error messages in PHP?
(41 answers)
Closed 9 years ago.
I'm trying to create a sign up form. However whnever I click on the sign up button, the database does not get updated but just shows the blank signup.php page. Any ideas?
This is my php code
<?php
include("config.php");
//including config.php in our file
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
$qry = mysql_query($check);
$num_rows = mysql_num_rows($qry);
if ($num_rows > 0) {
// Check if username exists or not.
echo "The username you have entered already exists. Please try another username. Thank you";
echo 'Try Again';
exit;
}
// Insert the new user into the database
$query = "INSERT INTO Users (`firstname`,`lastname`,`email`,`username`,`password`,`is_active`) VALUES ('".$first_name."','".$last_name."','".$username."','".$password."','".$mail."','1');";
mysql_query($query);
echo "Thank You for Registering with us. You will now be able to use all our facilities.";
echo 'Click Here to login you account.';
exit;
}
?>
This is my html form
<html>
<head>
<title>Registration Page | Simple login form</title>
</head>
<body>
<div id="containt" align="center">
<form action="signup.php" method="post" class="form-signup">
<div id="header"><h2 class="sansserif">Sign up</h2></div>
<table>
<tr>
<td>Select Your Firstname:</td>
<td> <input type="text" name="firstname" size="20" placeholder="First name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Lastname:</td>
<td> <input type="text" name="lastname" size="20" placeholder="Last name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Username:</td>
<td> <input type="text" name="username" size="20" placeholder="User name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Password:</td>
<td><input type="password" name="password" size="20" placeholder="Password"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Email:</td>
<td> <input type="text" name="email" size="20" placeholder="Email"><span class="required">*</span>
</td>
</tr>
<tr>
<td><input type="submit" value="Sign Up" class="btn btn-large btn-primary"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
if(!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname'])
&& !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
You check if username='$user' but you didn't declared any variable with the name of '$user'.
You should write:
$check = "SELECT * from users where username = '".$username."'";
Related
I am trying to create a simple registration form. I have a file for connecting to database
conn.php
<?php
$db_name = "bp_reader";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$conn = mysqli_connect ($server_name, $mysql_username, $mysql_password, $db_name);
/*the connection here is fine*/
if($conn){ echo "connected"; }else{ echo "not connected"; }
?>
the registration php
<?php
require "conn.php";
$name = $_POST["name"];
$email = $_POST["email"];
$age = $_POST["age"];
$height = $_POST["height"];
$weight = $_POST["weight"];
$password = $_POST["password"];
//check if user exists
$sql = "select * from user_profile where user_email like '".$email."';";
$result = mysqli_query($conn, $sql);
$response = array();
if(mysqli_num_rows($result) > 0){
$code = "registration failed";
$message = "User already exists";
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}else {
$sql = "insert into user_profile values ('".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
$result = mysqli_query($conn, $sql);
$code = "registration Success";
$message = "Thank you for registration... you can login now..";
//jason data
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}
mysqli_close($conn);
?>
and i have a simple html registration form
<html>
<body>
<form action="register.php" method="post">
<table>
<tr>
<td>Name:</td>
<td>
<input type="text" name="name" /> </td>
</tr>
<tr>
<td>Email:</td>
<td>
<input type="email" name="email" /> </td>
</tr>
<tr>
<td>DOB:</td>
<td>
<input type="date" name="age" /> </td>
</tr>
<tr>
<td>height:</td>
<td>
<input type="number" name="height" /> </td>
</tr>
<tr>
<td>weight:</td>
<td>
<input type="number" name="weight" /> </td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type="password" name="password" /> </td>
</tr>
<tr>
<td>
<input type="submit" value="Register" /> </td>
</tr>
</table>
</form>
</body>
</html>
The problem is when I fill the form and submit, I get the correct response that the registration is successful however when I check my database on phpMyAdmin, the database remain unchanged. I am not able to figure out where the problem is.
If you have id field as identifier and autoincrement, you should set its:
$sql = "insert into user_profile values ('', '".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
I m trying to login page using email id and password. login page redirects to application form where user as to enter all the details and the details as to be saved in the email id entered during the login. the email id which is entered in the login page should be posted to application form and it as to be in readonly. I m not able to post the email id from login page to application form
How can i do this?
here is a table
name|email|password|surname|mname|........
name,email,password will be entered into db using signup form
here is the code
login.php
<?php
include('db.php');
if(isset($_POST['action']))
{
if($_POST['action']=="login")
{
$email =mysqli_real_escape_string($connection,$_POST['email']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$strSQL = mysqli_query($connection,"select * from cvformat where email='".$email."' and password='".md5($password)."'");
$Results = mysqli_fetch_array($strSQL);
if(count($Results)>=1)
{
echo "<script>window.open('form.php','_self')</script>";
}
else
{
echo "<script>alert('Invalid ID or Password!')</script>";
}
}
form.php
<div id="header" align="center"><img src="images/header.png" alt="" /></div>
<form name="XIForm" id="XIForm" method="POST" action="pdf/pdf1.php">
<table border="0px" cellspacing="0px" cellspacing="10px" align="center" width="700px">
<tr>
<td style="width:200px;"><div class="label"><b >Surname, Name:</b></div></td>
<td><input type="text" name="surname" id="surname" style="width:250px; padding:5px;"/></td>
</tr>
<tr>
<td style="width:200px;"><div class="label"><label><b >Middle Initial:</b></label></div></td>
<td><input type="text" name="mname" id="mname" style="width:250px; padding:5px;"/></td>
</tr>
<tr>
<td style="width:200px;"><div class="label"><label><b >Email ID</b></label></div></td>
<input type="text" name="email" id="email" class="input" size="40" value="<?php if(isset($_GET['email'])) { echo $_GET['email']; } ?>" readonly> <br /> <br />
</tr>
pdf.php
$surname = "";
$mname = "";
$email = "";
if($_REQUEST["formType"] == "reg") {
$surname = $_REQUEST["surname"];
$mname = $_REQUEST["mname"];
$email = $_REQUEST["email"];
$formType = "reg";
}
$username = "root";
$password = "";
$hostname = "localhost";
$db = "cv";
//connection to the database
$dbhandle = mysqli_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysqli_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['update'])){
mysqli_query("UPDATE cvformat SET surname='".$_POST['surname']."', mname='".$_POST['mname']."',dob='".$_POST['dob']."', city='".$_POST['city']."',region='".$_POST['region']."',country='".$_POST['country']."', diocese='".$_POST['diocese']."', nationality='".$_POST['nationality']."', fname='".$_POST['fname']."',mothername='".$_POST['mothername']."', edate='".$_POST['edate']."', city2='".$_POST['city2']."', region2='".$_POST['region2']."',country2='".$_POST['country2']."',datef='".$_POST['datef']."',dateo='".$_POST['dateo']."',city3='".$_POST['city3']."',region3='".$_POST['region2']."' WHERE email='".$_POST['hidden']."'") or die(mysqli_error());
};
What is the problem with the code.
Your Window.open script refreshes the page, as the page gets refreshed the post value become untrue.
Calling script inside PHP is not suggested by many coders.
If I was you, I wouldnot refresh the page. instead
//if user submited the form
if(isset($_POST['action']) {
//fetch user input values
//verify the input values with database
if($loginBool){
//show content after login
} else {
//show error form
}
} else {
//show login form
}
Using Session variable is most simple and wise solution. So need some changes
In your login.php
On the top after php tag paste this line
session_start();
and also after this line.
$email =mysqli_real_escape_string($connection,$_POST['email']);
Add one line for storing email into session variable. look below
$_SESSION['email']= $email;
Then in the form.php, You have to rewrite this code as little changes
<tr>
<td style="width:200px;"><div class="label"><label><b >Email ID</b></label></div></td>
<input type="text" name="email" id="email" class="input" size="40" value="<?php if(isset($_SESSION['email'])) { echo $_SESSION['email']; } ?>" readonly> <br /> <br />
</tr>
Don't use GET method for passing email
Please try
Login.php
session_start();//Start the session at the top
include('db.php');
if(isset($_POST['action']))
{
if($_POST['action']=="login")
{
$email =mysqli_real_escape_string($connection,$_POST['email']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$_SESSION['email']=$email;
echo $_SESSION['email'];//ad this line and tell me are you getting in the login.php. its just to check weather you got value or not
In form
Start the session at the top.
Thats your input email
<input type="text" name="email" id="email" class="input" size="40" value="<?php
if(isset($_SESSION['email'])) { echo $_SESSION['email']; } ?>" readonly> <br /> <br />
I'm trying to make a website with a member section. To signup on the member section, you must already be in the database. You're given your username and password, then when you signup you can enter your email, address, and password.
So my problem is that I'm getting an error saying that the username or reg_id were incorrect, when I know that I am entering the correct info.
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
Here is my Login Form:
<form action="function.php?signup" method="post">
<table cellspacing="20" class="span12">
<tr>
<td>
<input type="text" name="name" placeholder="Full Name">
</td>
</tr>
<tr>
<td>
<input type="email" name="email" placeholder="Email">
</td>
</tr>
<tr>
<td>
<input type="text" name="address" placeholder="Address">
</td>
</tr>
<tr>
<td>
<input type="text" name="reg_id" placeholder="Your Registration ID">
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Password">
</td>
</tr>
<tr>
<td>
<input type="submit" placeholder="Confirm Signup" value="Confirm Signup">
</td>
</tr>
</table>
</form>
On the function.php I have a bunch of different functions etc. but the one for the signup form is:
elseif (isset($_GET['signup'])) {
$username = $_POST['username'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("
SELECT *
FROM users
WHERE username = '$username'
AND registration_id = '$reg_id' ", $con);
if (!$qry) {
mysql_close($con);
die("Query Failed: " . mysql_error());
} else {
$row = mysql_fetch_array($qry);
}
if ($_POST['username'] == $row["username"] && $_POST['reg_id'] == $row["registration_id"]) {
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry = mysql_query("
INSERT INTO users
(password, profile_email, profile_address)
VALUES ('$password', '$email', '$address')", $con);
if (!$qry) {
die("Query Failed: " . mysql_error());
} else {
header('location: index.php?success-msg=You have successfully signed up');
}
}
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}
I'm not sure what I messed up on, or if I even did that right, as I am still learning. I would like to thank anyone who helps me in advance, all help is much appreciated.
-James
$_POST['username'] should be $_POST['name'] accoding to HTML form.
Use update instead of INSERT.
Following is the corrected PATCH:
$qry = mysql_query("UPDATE users SET password='$password',profile_email='$email',profile_address='$address'
WHERE registration_id='$reg_id'");
you could use something like this :
if (isset($_GET['signup'])){//if
$username = $_POST['name'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("SELECT * FROM users WHERE username='$username' AND registration_id='$reg_id'", $con) or die(mysql_error());
$row=mysql_num_rows($qry);
if($row == '1'){ ///if regcode exists
////insert into database
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry2 = mysql_query("INSERT INTO
users(password,profile_email,profile_address)
VALUES ('$password','$email','$address')", $con) or die(mysql_error());
header('location: index.php?success-msg=You have successfully signed up');
}///if regcode exists
else{
///didn't find the reg id
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}//if
every time click login it return me to the login screen
this is my first code to login
<form action="" method="post" name="log">
<table border="0" align="center">
<tr>
<td colspan="4"><span style="font-size:18px; color:#039; font-weight:bold;">Login</span></td>
</tr>
<tr>
<td width="113">User name</td>
<td width="120"><span id="sprytextfield1">
<input name="Uname" type="text" id="LogInUname" size="20" />
<span class="textfieldRequiredMsg"><br />
A value is required.</span></span></td>
</tr>
<tr>
<td>Password</td>
<td><span id="sprypassword1">
<input name="Pword" type="password" id="LogInPword" size="20" />
<br />
<span class="passwordRequiredMsg">A value is required.</span></span></td>
</tr>
<tr>
<td><span class="newUsers">New user</span></td>
<td></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" name="submitid" id="LogInbutton" value="Login" /></td>
</tr>
</table>
</form>
<?php
session_start();
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
$Pword = $_POST['Pword'];
$Uname = stripslashes($Uname);
$Pword = stripslashes($Pword);
$Uname = mysqli_real_escape_string($db, $Uname);
$Pword = mysqli_real_escape_string($db, $Pword);
$loginUser = " select * from loginaccess where Uname= '".$Uname."' and Pword='".$Pword."'";
$loginUserResults=$db->query($loginUser) or die($db->error);
if($loginUserResults -> num_rows == 1) {
$_SESSION['log']=1;
header('Location:index.php?learn_id=12');
}else{
header('Location:index.php?learn_id=320');
}
}
?>
<?php ob_flush() ?>
and this is the other page that it should go to
<?php
session_start();
if (!(isset($_SESSION['log']) && $_SESSION['log'] != 1)) {
header ("Location:index.php?learn_id=3");
}
?>
now please some one tell me why I am every time try to login I return to the login page what is wrong there.
First: This line
$_SESSION['log']==1; // compare
should be
$_SESSION['log']=1; // assign
Second: I don't see the session_start(); at the very top of your first page (login)
Third: Do not use both stripslashes and mysqli_real_escape_string. The latter is enough (better if you use a PDO).
Call the session_start();
<?php
session_start();
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
....
$_SESSION['log']=1; //assign a value
...
?>
Maybe you've forgot to type
session_start();
On the beginning of the login code, right after
<?php ?
It should look like this :
<?php
session_start(); // Here
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
$Pword = $_POST['Pword'];
$Uname = stripslashes($Uname);
$Pword = stripslashes($Pword);
Your problem seems to be $loginUserResults->num_rows in your if-statement. You're referring to it as it would be part of mysqli class, even though it's part of the mysqli_stmt class.
Modify your code as follows:
$loginUser = " select * from loginaccess where Uname= '".$Uname."' and Pword='".$Pword."'";
$stmt = $mysqli->prepare($loginUser);
$stmt->execute();
$stmt->store_result();
And then your if:
if($stmt->num_rows == 1) {
$_SESSION['log']=1;
header('Location:index.php?learn_id=12');
}
I am trying to create simple user registration form. I have an index.html file and a register.php file. When I click the submit button it goes to the register.php page, but nothing happens. There's no error or anything. I have some echo statements in register.php but they also don't work.
This is the code for index.html:
<form action="register.php" method="post">
<table width="384" border="1" align="center">
<? echo '<tr><td colspan="2">'.$final_report.'</td></tr>';?>
<tr>
<td width="50%">Username:</td>
<td width="50%"><label>
<input name="username" type="text" id="username" size="30" />
</label></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" value="" size="30" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" type="text" id="email" size="30" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="register" type="submit" id="register" value="Register" />
</label></td>
</tr>
</table>
</form>
This is code for register.php:
<?
include_once"config.php";
if(isset($_POST['register'])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("d-m-Y");
if($username == NULL OR $password == NULL OR $email == NULL){
$final_report.= "Please complete the form below..";
}else{
if(strlen($username) <= 3 || strlen($username) >= 30){
$final_report.="Your username must be between 3 and 30 characters..";
}else{
$check_members = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
if(mysql_num_rows($check_members) != 0){
$final_report.="The username is already in use!";
}else{
if(strlen($password) <= 6 || strlen($password) >= 12){
$final_report.="Your password must be between 6 and 12 digits and characters..";
}else{
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$final_report.="Your email address was not valid..";
}else{
$create_member = mysql_query("INSERT INTO `members` (`id`,`username`, `password`,`email`, `ip`, `date`)
VALUES('','$username','$password','$email','$memip','$date')");
$final_report.="Thank you for registering, you may login.";
}}}}}}
?>
Can anyone see the error?
include_once"config.php"
You seem to be missing a space. Either make it include_once "config.php" (notice the space in between) or include_once("config.php").
Also you set $final_report in register.php but I don't see where you are actually printing anything.
Edit: I see you are trying to print $final_report in index.php. This won't work as you expect unless you include the register.php code directly into index.html. Why don't you just have a single register.php file with both the registration script and the HTML code?