Can anyone see the error in this code as the code is only giving me back :
the name does not exist
It was all working fine now it does not.
If anyone can spot it please and correct me as I am still new to this.
<?php
// see if the form has been completed
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$username = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row ["username"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("host","****","*****"); mysql_select_db('db_k1003140');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $username . "'") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
Here is the HTML :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Profile Update: <?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="style.css">
<script src="js/main.js"></script>
<script src="js/javascript.js"></script>
<script src="js/ajax.js"></script>
<style type="text/css">
#updateform{
margin-top:24px;
}
#updateform > div {
margin-top: 12px;
}
#updateform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="usernamecss"> Username: <?php echo $username; ?></div>
<form action="update.php" method="POST" id="updateform">
<div>
<div>First Name: </div>
<input id="firstname" type="text" name="firstname" value="<?php echo $firstname?>" maxlength="16">
<div>Surname: </div>
<input id="surname" type="text" name="surname" value="<?php echo $surname?>" maxlength="16">
<div>Weight: </div>
<input id="weight" type="text" name="weight" value="<?php echo $weight?>" >
<div>Height: </div>
<input id="height" type="text" name="height" value="<?php echo $height?>" >
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
Go to Profile
</div>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>
Just a guess you comparing username field with firstname,
SELECT * FROM users WHERE firstname='" . $username . "'";
While it needs to be,
SELECT * FROM users WHERE username='" . $username . "'";
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Related
LOGINPAGE.html:
This is where the user will input their username and password. PHP method is POST.
<html>
<head>
<title>
LOG IN
</title>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<form action = "loginDatabase.php" method = "POST">
<label>User name:</label>
<input type="text" id="userNameID" name="userNameName" required>
<br />
<label>Password:</label>
<input type="password" id="passwordID" name="passwordName" required>
<br />
<input type="submit" id="submitLoginID" name="submitLoginName">
</form>
</body>
</html>
LOGINDATABASE.php:
This is the processing part where the mysql query will reference the record to be displayed on ADMINPAGE.php based on the username given on LOGINPAGE.php. I cannot figure out want went wrong in line 7 since I always get an error Notice: Undefined index: userNameName in /opt/lampp/htdocs/UsersDatabaseProgram/loginDatabase.php on line 7
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
session_start();
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '" . $_GET['userNameName'] . "'");
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
/*
This doesnt work
$email = $row['email'];
$userlevel = $row['userLevel'];
*/
$sql = "SELECT * FROM addUsers WHERE userName = '".$userName."' AND password = '".$password."'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if ($row["userLevel"] == "user") {
$_SESSION["userName"] = $userName;
header('location: userPage.php');
} elseif ($row["userLevel"] == "admin") {
$_SESSION["userName"] = $userName;
header('location: adminPage.php');
} else {
echo "<h1> Login failed. Invalid username or password.</h1>";
}
}
?>
ADMINPAGE.php:
This is where the name of the user, user level, and user status will be displayed.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
include('loginDatabase.php');
?>
<html>
<head>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<h2>Admin</h2>
Log-out <br />
View records <br />
Add Record <br />
<label>Welcome</label><br />
<?php echo $_SESSION["userName"] ?>
<br />
<label>User level: </label>
<?php
while ($row = mysqli_fetch_array($result)) {
?>
<input type = "text" name = "userLevelName" value = " <?php echo $row['userLevel']; ?>"> <br />
<label>Email: </label>
<input type = "text" name = "userEmailName" value = " <?php echo $row['email']; ?>">
<?php
}
?>
<br />
</body>
</html>
You're sending the data as a POST then trying to access it as GET (then retrieving it again on line 11 !!).
Change it to something like this:-
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
}
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '$userName'");
I have been making/learning some PHP, and I successfully made a login form. When I have tried to replicate this, it doesn't work at all.
--MY HTML--
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="login.php">
<input type="text" name="usrname" placeholder=" Username">
<br />
<br />
<input type="password" name="passwd" placeholder=" Password">
<br />
<br />
<input type="password" name="pin" placeholder=" PIN #">
<br />
<br />
<input type="submit" value="Login">
</form>
</body>
</html>
--LOGIN.PHP--
<?php
session_start();
include('php/db.php');
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = 'usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>trhhytrh</title>
</head>
<body>
</body>
</html>
P.S. When comparing the codes, there is no major difference apart from the names. Also, the code provided is the one that isn't working. Thanks in advance! :)
As I stated in comments:
WHERE usrname = 'usrname'"; it should read as WHERE usrname = '$usrname'";
You're presently looking/querying for the string literal of "usrname" in your database, rather than the POST array's variable.
Heed the warnings about SQL injection. You should use a prepared statement and a safe password hashing function when your site does go live, such as password_hash().
You should not put that much trust in people.
References:
http://php.net/manual/en/function.password-hash.php
https://en.wikipedia.org/wiki/Prepared_statement
https://en.wikipedia.org/wiki/SQL_injection
Try this:
Change this in html
<input type="submit" name="submit" value="Login">
Then in php
<?php
session_start();
include('php/db.php');
if(isset $_POST['submit']){
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = '$usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
}//End of if
else
{
echo "Form is not submitted";
}
?>
You have not submitted the form. PS you have commited a mistake in your query. You were not using variable there
I have a page in which the user can log in. A php script check the login values.
The problem is, when I enter my details in the form, I get redirected to the .php page but I get a blank screen. When I refresh that screen, it says "Unsuccesfull" because my email and password values aren't set anymore because of the refresh.
Why do I get a blank page after pressing "Log in"?
<!DOCTYPE html>
<html>
<head>
<title>Grippee - Login</title>
<link rel="stylesheet" href="style2.css" />
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" />
<link rel="stylesheet" href="themes/customtheme.css" />
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script>
</head>
<body>
<div data-role="page">
<div data-role="header">
<a class="ui-btn-left" href="index.html" data-icon="back">Terug</a>
<h1><span>Login</span></h1>
<a class="ui-btn-right" href="#" data-icon="info">i & €</a>
</div>
<div data-role="content" data-position="relative">
<div class="loginform">
<form id="loginForm" action="login.php" method="POST">
<span>Email adres:</span>
<input type="text" name="email" id="email"></input>
<span>Wachtwoord:</span>
<input type="password" name="password" id="password"></input>
<input type="submit" value="Login" />
</form>
</div>
</div>
<div data-role="footer" data-position="fixed"></div>
</div>
</body>
</html>
The PHP:
<?php
$email = "";
$password = "";
if (isset($_POST["email"]))
{
$email = $_POST["email"];
echo ($email);
}
else {
echo("Something is wrong");
}
if (isset($_POST["password"]))
{
$password = $_POST["password"];
echo($password);
}
$mysqli = new mysqli('localhost', 'qq', 'qq', 'qq', 3306);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$result = $mysqli->query("SELECT id FROM Consument WHERE email = '$email' AND wachtwoord = '$password'");
$rows = $result->num_rows;
if ($rows == 1)
echo ("Logged in!");
else
echo ("Unsuccesfull!");
?>
the query is not correct.
use this:
$result = $mysqli->query("SELECT * FROM Customer WHERE email = " . $email . " AND wachtwoord = " . $password);
I modified a bit your php. Give a try with it. Even like this is not the best approach but..
<?php
//enable all kind of errors to can debug properly
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
$email = "";
$password = "";
if ( isset($_POST["email"]) && isset($_POST["password"]))
{
$email = $_POST["email"];
$password = $_POST["password"];
echo ($email);
echo($password);
$mysqli = new mysqli('localhost', 'qq', 'qq', 'qq', 3306);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$result = $mysqli->query("SELECT * FROM Customer WHERE email = '".$email."' and wachtwoord = '".$password."'");
$rows = mysql_num_rows($result);
if ($rows == 1)
echo ("Logged in!");
else
echo ("Unsuccesfull!");
}
else {
echo("Something is wrong");
}
?>
For some reason this will not update the db, the values for the db login are correct use the same inc file for all the pages. No errors, just no updates in the db. Can't seem to figure it out for the life of me.
<?
include("../../inc/config.inc.php");
session_start();
$loggeduser = $_SESSION['myusername'];
if(!session_is_registered(myusername)){
header("location:login/login.php");
}
?>
<?
$userpost = $_POST["username"];
if(is_null($userpost)) {
mysql_connect("$host", "$user", "$pwd") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());
$server_query_sql = ("SELECT * FROM $admin_tbl WHERE username = '$loggeduser'");
$getdata = mysql_query($server_query_sql) or die("Couldn't execute the query");
$row = mysql_fetch_array( $getdata );
$adminuser = $row['username'];
$adminpass = $row['password'];
$adminemail = $row['email'];
mysql_close();
}
else {
$postemail = $_POST["email"];
$postpass = $_POST["password"];
$encrypted_password = md5($postpass);
mysql_connect("$host", "$user", "$pwd") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());
$server_query_sql = ("SELECT * FROM $admin_tbl WHERE username = '$loggeduser'");
$getdata = mysql_query($server_query_sql) or die("Couldn't execute the query");
$row = mysql_fetch_array( $getdata );
$adminuser = $row['username'];
$adminpass = $row['password'];
$adminemail = $row['email'];
if ($encrypted_password = $adminpass){
$query = "UPDATE $admin_tbl SET email='$postemail' WHERE username='$loggeduser'";
mysql_query($query);
}
else {
$query = "UPDATE $admin_tbl SET email='$postemail', password='$encrypted_password' WHERE username='$loggeduser'";
mysql_query($query);
mysql_close();
}
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../inc/login.css" />
<style>
#import url(http://fonts.googleapis.com/css?family=Ubuntu:400,700);
body {
-webkit-background-size: cover;
-moz-background-size: cover;
background-size: cover;
}
.container > header h1,
.container > header h2 {
color: #fff;
text-shadow: 0 1px 1px rgba(0,0,0,0.7);
}
</style>
</head>
<body><br><br>
<div align="center">Hi <strong><? echo $loggeduser; ?></strong>!</div>
<div class="container">
<section class="main">
<form class="form-3" method="post" action='<? $_SERVER['PHP_SELF']; ?>'>
<p class="clearfix">
<label for="login">Email</label>
<input type="text" name="email" id="email" placeholder="Username" value='<? echo $adminemail; ?>'>
</p>
<p class="clearfix">
<label for="password">Password</label>
<input type="password" name="password" id="password" placeholder="Password" value='<? echo $adminpass; ?>'>
</p>
<p class="clearfix">
<input type="submit" name="submit" value="Edit">
</p>
</form>
</section>
</div>
</body>
</html>
instead of this
if ($encrypted_password = $adminpass){
use
if ($encrypted_password == $adminpass){
you can fix this to see if they really equal the passwords by using
echo $encrypted_password . ' ----- ' .$adminpass ; // and see if they are same.
First problem I see is $encrypted_password = $adminpass. Use == for comparison.
Hello I am having some issue here i created a script to update users account details but when the form is filled in and submit button clicked no errors come up but at the same time no changes are made in the table
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEEP BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
SOrry for some reason the I forgotten to copy this part faceslap
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir from the code given above i think you have error in your login.php
$_SESSION['user_id'] = $user_id;
You are not assigning value to $user_id that why it is setting blank value to $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>