So I got this form which saves text into a session variable with PHP. I got another form which makes all my session variables save into my database.
I'm trying to make it more efficient by making the 2 forms into one form with one button. Here is my complete page code:
<?php
session_start();
if( $_SESSION['myusername'] == "")
{
header('Location: index.php');
}
?>
<html>
<head>
<link rel="stylesheet" href="css/main.css">
<style>body {background-image:url("stopphp.jpg");}</style>
</head>
<?php
if($_POST)
{
// $_SESSION["textarea"] = "";
$_SESSION["textarea"] = $_POST["textarea"];
header("Location:stop.php");
}
if($_GET)
{
$_SESSION["klantnummer"] = $_GET["klantnummer"];
header("Location:stop.php");
}
if($_GET)
{
$_SESSION["klantnaam"] = $_GET["klantnaam"];
header("Location:stop.php");
}
$textarea = $_SESSION["textarea"];
?>
<div id="notities">
<span style="font-family:Cursive;font-size:14px;font-style:normal;font-weight:bold;text-decoration:none;text-transform:none;color:000000;">Notities:</span>
<p>
<form action="" method="post">
<textarea cols="60" rows="10" name="textarea"></textarea><br/>
<input type="submit" value="Sla tekst op">
</form>
<p>
<form action="writeaway.php" method="post">
<input type="submit" value="Bij einde gesprek gelieve hier te drukken">
</form>
</div>
</html>
All suggestions are appreciated, sorry for the nooby question.
EDIT:
here is my writeaway code:
<?php
session_start();
if( $_SESSION['myusername'] == "")
{
header('Location: index.php');
}
?>
<html>
<?php
$date=date_create();
$_SESSION["stopdatum"] = date_format($date,"Y/m/d H:i:s");
?>
<?php include 'database.php'; ?>
<?php
mysqli_query($con,"INSERT INTO suplog (login,sstart,sstop,remark,klantnummer,klantnaam) VALUES ('".mysql_real_escape_string($_SESSION['myusername'])."',
'".mysql_real_escape_string($_SESSION['startdatum'])."',
'".mysql_real_escape_string($_SESSION['stopdatum'])."',
'".mysql_real_escape_string($_SESSION['textarea'])."',
'".mysql_real_escape_string($_SESSION['klantnummer'])."',
'".mysql_real_escape_string($_SESSION['klantnaam'])."')"); ?>
<?php
session_destroy();
?>
<?php header('Location: start.php'); ?>
</html>
I do not get your problem...
But you should try to assign your session variables with the values in the same step like you write them into a database! In your case in writeaway.php... Why would you do that in two different steps?
Hope that helps
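One way to do what the answer suggests, as an added example that is not part of the original posts: a single form posts the note to writeaway.php, which inserts it in the same request. It assumes database.php sets the mysqli connection $con as in the question, and it binds the values as parameters because mysql_real_escape_string() belongs to the old mysql extension (removed in PHP 7) and cannot be used with a mysqli connection; the helper name save_suplog() is hypothetical.

```php
<?php
// writeaway.php -- added example; assumes database.php sets $con (mysqli).
// stop.php then needs one form only:
//   <form action="writeaway.php" method="post"><textarea name="textarea">...
session_start();

// Stop executing after the redirect; header() alone does not end the script.
if (empty($_SESSION['myusername'])) {
    header('Location: index.php');
    exit;
}

// Hypothetical helper: one bound INSERT into the question's suplog table.
function save_suplog(mysqli $con, array $row): void
{
    $stmt = $con->prepare(
        'INSERT INTO suplog (login, sstart, sstop, remark, klantnummer, klantnaam)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    // Values travel separately from the SQL text, so no escaping is needed.
    $stmt->bind_param(
        'ssssss',
        $row['login'], $row['sstart'], $row['sstop'],
        $row['remark'], $row['klantnummer'], $row['klantnaam']
    );
    $stmt->execute();
    $stmt->close();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
    require 'database.php';
    save_suplog($con, [
        'login'       => $_SESSION['myusername'],
        'sstart'      => $_SESSION['startdatum'] ?? '',
        'sstop'       => date('Y/m/d H:i:s'),
        'remark'      => (string) ($_POST['textarea'] ?? ''),
        'klantnummer' => $_SESSION['klantnummer'] ?? '',
        'klantnaam'   => $_SESSION['klantnaam'] ?? '',
    ]);
    session_destroy();              // same end-of-call behaviour as the question
    header('Location: start.php');
    exit;
}
```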
I'm building an ecommerce website project and right at the start, I kept on having the same problem. For some reason that I don't know, it feels like session_start() is not working or not displaying. I have already tried so many approaches; the last thing I did was copy source code online made by packetcode on YouTube, but no results are showing in my browser.
I was expecting that the results would show, but even though I referenced a lot of source code it still doesn't work and I have no idea.
Here's the index.php file:
<?php
session_start();
include "db.php";
include "retrieve.php";
include "function.php";
include "logic.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Exquisite</title>
</head>
<body>
<div class="container" id="main_cntr">
<div id="intro_cntr">
<div id="title_cntr">
<h2>Welcome to </h2>
<h1>Exquisite</h1>
</div>
<div id="paragraph_cntr">
<p>Here to provide an excellent support for your style!</p>
</div>
</div>
<?php if(empty($_SESSION['username'])){?>
<div class="container" id="form">
<div id="login_cntr">
<form method="POST">
<h2>Login</h2>
<label for="username">Username</label><br>
<input type="text" name="username" placeholder="Enter your Username"><br>
<label for="password">Password</label><br>
<input type="password" name="pass" placeholder="Enter your Password"><br>
<input type="submit" name="login" value="Login">
</form>
</div>
<?php }?>
<div id="signupOption_cntr">
Create an Account
<h4>or</h4>
Login as Admin
</div>
</div>
<?php if(!empty($_SESSION['username'])){?>
<div class="container">
<h1>Hello again<?php echo $_SESSION['username'];?></h1>
<form method="POST">
<button name="logout">Logout</button>
</form>
</div>
<?php }?>
</div>
</body>
</html>
I also divided the code as seen in packetcode's video.
Here's the database code:
<?php
$conn = mysqli_connect('localhost', 'root', '', 'exquisite') or die ("Cannot connect to the Database");
?>
Here's the account retrieval code:
<?php
if(isset($_REQUEST['login'])){
$uname = $_REQUEST['username'];
$pword = $_REQUEST['pass'];
}
?>
here's the function to take data from the server:
<?php
function login($conn, $uname, $pword){
$sql = "SELECT * FROM `user_acc` WHERE `username` = '$uname'";
$query = mysqli_query($conn, $sql);
return $query;
}
?>
and here's the code for validation:
<?php
if(isset($_REQUEST['login'])){
$result = login($conn, $uname, $pword);
foreach($result as $r){
$passw_check = password_verify($pword, $r['password']);
if($passw_check){
$_SESSION['username'] = $r['username'];
header("location: home.php");
}
}
}
if(isset($_REQUEST['logout'])){
session_destroy();
header("location: index.php");
exit();
}
?>
Need more information.
If you are using a separate file for validation, make sure you include session_start(); in that file too.
Without session_start();, session_destroy(); will not work.
<?php
session_start();
if(isset($_REQUEST['login'])){
$result = login($conn, $uname, $pword);
foreach($result as $r){
$passw_check = password_verify($pword, $r['password']);
if($passw_check){
$_SESSION['username'] = $r['username'];
header("location: home.php");
}
}
}
if(isset($_REQUEST['logout'])){
session_destroy();
header("location: index.php");
exit();
}
?>
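The login() in the question places $uname directly inside the SQL string, so here is the same lookup with a bound parameter, as an added example that is not part of the original posts. It assumes the question's $conn from db.php and a user_acc table whose password column holds password_hash() output; the function name attempt_login() is hypothetical.

```php
<?php
// Added example; assumes db.php provides $conn (mysqli) as in the question.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
require 'db.php';

// Hypothetical helper: returns the username on success, null otherwise.
function attempt_login(mysqli $conn, string $uname, string $pword): ?string
{
    $stmt = $conn->prepare(
        'SELECT `username`, `password` FROM `user_acc` WHERE `username` = ? LIMIT 1'
    );
    $stmt->bind_param('s', $uname);   // value is sent separately from the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // password_verify() expects a hash created by password_hash().
    if (is_array($row) && password_verify($pword, $row['password'])) {
        return $row['username'];
    }
    return null;
}

if (isset($_POST['login'])) {
    $user = attempt_login(
        $conn,
        (string) ($_POST['username'] ?? ''),
        (string) ($_POST['pass'] ?? '')
    );
    if ($user !== null) {
        session_regenerate_id(true);  // new session ID once the user is authenticated
        $_SESSION['username'] = $user;
        header('Location: home.php');
        exit;                         // do not render the rest of index.php
    }
    $error = 'Invalid username or password.';
}

if (isset($_POST['logout'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: index.php');
    exit;
}
```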
I'm trying to learn about session_start(), but when I run the file, it only shows what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...}, and even after I click log out, it won't print anything in the else statement and only prints inside the if statement. I use another file to do the log out process, but I don't know the right code for session_destroy().
Here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
Where have I gone wrong?
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the MySQL credentials are what you want for your logged-in user?
I am working on a simple login form with sessions. Here is my index.php code:
<?php
ob_start();
session_start();
?>
<?
// error_reporting(E_ALL);
// ini_set("display_errors", 1);
?>
<html lang = "en">
<head> </head>
<body>
<h2>Enter Username and Password</h2>
<div class = "container form-signin">
<?php
$msg = '';
if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password']))
{
if ($_POST['username'] == '1' && $_POST['password'] == '1' )
{
$_SESSION['valid'] = true;
$_SESSION['timeout'] = time();
header('Location: /test/login.php');
}
else $msg = 'not working';
}
?>
</div> <!-- /container -->
</div>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="post" >
<?php echo $msg; ?>
<input type="text" name="username">
<input type="password" name="password" >
<input type="submit" name="login">
</form>
</body>
</html>
When someone writes the right password, he will go to this page:
localhost:8080/test/login.php
But if someone tries to open "localhost:8080/test/login.php" directly, he will go to this page: "localhost:8080/test/index.php".
This is my login.php code:
<?php
session_start();
if ($_POST['username'] == '1' && $_POST['password'] == '1' )
{
$_SESSION['valid'] = true;
$_SESSION['timeout'] = time();
header('Location: /test/login.php');
}
else{
header('Location: /test/index.php/');
}
?>
test 1
You've made several small mistakes (see comments), but the big mistake you make is that the session is never checked. Use this at login.php:
<?php
session_start();
if(!isset($_SESSION["valid"])){
header("location: index.php");
die();
}
?>
This checks if the session is set, and if not, redirects back to index.php.
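The check from the answer, extended to also use the $_SESSION['timeout'] value that index.php stores but never reads. This is an added example, not part of the original posts; the helper name session_is_live() and the 15-minute limit are assumptions.

```php
<?php
// login.php (the protected page) -- added example, not from the original posts.
const MAX_IDLE_SECONDS = 900; // assumed idle limit: 15 minutes

// Hypothetical helper: true only for a logged-in session that has not idled out.
function session_is_live(array $session, int $now, int $maxIdle = MAX_IDLE_SECONDS): bool
{
    if (($session['valid'] ?? false) !== true) {
        return false;                       // never logged in
    }
    $last = $session['timeout'] ?? null;
    if (!is_int($last) || $last > $now) {
        return false;                       // missing or nonsensical timestamp
    }
    return ($now - $last) <= $maxIdle;
}

session_start();

if (!session_is_live($_SESSION, time())) {
    $_SESSION = [];                         // drop stale login state
    session_destroy();
    header('Location: /test/index.php');
    exit;                                   // nothing below runs for visitors
}

$_SESSION['timeout'] = time();              // sliding window: refresh on activity
echo 'Protected content';
```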
I have trouble with these codes:
password.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="no1" placeholder="enter your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
Here is password2.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="name" placeholder="verify your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
And here is check.php:
<?php
$enter = $_POST['no1'];
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
The troubles I have are:
check.php doesn't recognise "name" from password2.php
And I can't verify the password
Because the $_POST variable is not persistent between requests, it would not work. You can store the value from the first form in the $_SESSION variable and retrieve it from the session.
More info about php sessions here
Leave everything as it is in your question except check.php, here is the modified one:
<?php
//starting the session in PHP
session_start();
$enter = null;
// this is all the logic you need for retrieving `no1` from POST or SESSION
if (isset($_POST['no1'])){
$enter = $_POST['no1'];
$_SESSION['no1'] = $enter;
}elseif(isset($_SESSION['no1'])){
$enter = $_SESSION['no1'];
}
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
// you can comment the next line if you are debugging,
// but after that you should destroy the session so you don't have a password as plain text
session_destroy();
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
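The answer's comment notes that the password sits in the session as plain text. A variant that keeps only a hash between the two requests follows, as an added example that is not part of the original posts; the function names and the session key no1_hash are hypothetical, and a plain array stands in for $_SESSION so the logic runs on its own.

```php
<?php
// Added example: keep a hash of the first entry, never the password itself.

// Step 1 (password.php -> check.php): remember a hash of what was typed.
function remember_first_entry(array &$session, string $entered): bool
{
    if ($entered === '') {
        return false;                              // "Please enter password!"
    }
    $session['no1_hash'] = password_hash($entered, PASSWORD_DEFAULT);
    return true;
}

// Step 2 (password2.php -> check.php): compare the second entry to the hash.
function verify_second_entry(array &$session, string $check): bool
{
    $hash = $session['no1_hash'] ?? null;
    unset($session['no1_hash']);                   // single use, pass or fail
    return is_string($hash) && password_verify($check, $hash);
}

// Constructed walk-through with an array standing in for $_SESSION.
$session = [];
remember_first_entry($session, 'correct horse');
var_dump(verify_second_entry($session, 'correct horse')); // first verification
var_dump(verify_second_entry($session, 'correct horse')); // hash already consumed

// In check.php the same functions take $_SESSION after session_start():
//   if (isset($_POST['no1']))  { remember_first_entry($_SESSION, $_POST['no1']); }
//   if (isset($_POST['name'])) { echo verify_second_entry($_SESSION, $_POST['name'])
//                                     ? 'Access granted' : 'Access denied'; }
```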
I have a log-in script for user login. The user information is stored in the MySQL database. When I log in for the first time, it stores the information in the session and displays the welcome message. But when I log out and try to log in again, the session array displays as empty although it is logged in.
Here are my codes:
reservation.php
<?php
session_start();
require_once("./includes/config_db.php");
$error1=array();
if(isset($_POST['submit'])){
if (preg_match ('%^[A-Za-z0-9]{4,8}$%', stripslashes(trim($_POST['user_id'])))) {
$e = escape_data($_POST['user_id']);
} else {
$e = FALSE;
$error1['user_id']="UserID Required!";
}
if (preg_match ('%^[A-Za-z0-9]{8,}$%', stripslashes(trim($_POST['password'])))) {
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
$error1['password']="Password Required!";
}
if($e && $p){
$query="SELECT * FROM users WHERE(user_id='$e' AND password=SHA('$p')) AND active='NULL'";
$results=mysql_query($query);
if(mysql_affected_rows() == 1){
$row=mysql_fetch_array($results, MYSQL_NUM);
mysql_free_result($results);
$_SESSION['name']=$row[0];
$_SESSION['department']=$row[1];
$_SESSION['email']=$row[2];
$_SESSION['user_id']=$row[4];
$_SESSION['phone']=$row[5];
$_SESSION['pre']=$row[8];
//create second token
$tokenid=rand(10000,9999999);
$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
$result2=mysql_query($query2);
$_SESSION['tokenid']=$tokenid;
session_regenerate_id();
mysql_close();
header("Location:local.php");
exit();
}else
{
$error1['active']="Either your Account is inactive or Email/Password is incorrect";
mysql_close();
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reservation System</title>
<!--Link to external files-->
<link rel="stylesheet" type="text/css" href="css/reservation.css"></link>
</head>
<body class="body">
<div id="mainHeader">
<?php include('includes/ers_header.php'); ?>
</div>
<div id="content">
</div>
<div id="navigation">
<?php include('includes/ers_nav.php');?>
<h3>Member Login</h3>
<form id="login" action="reservation.php" method="post">
<?php if(!empty($error1['active'])) echo '<p><font color="red">'.$error1['active'].'</font></p>'; ?>
<label for="userid">User ID:</label>
<input type="text" name="user_id" <?php if (!empty($error1['user_id'])){ echo 'value="'.htmlentities($_POST['user_id']).'"';} ?> autofocus />
<?php if (!empty($error1['user_id'])){ echo '<p><font color="red">'.$error1['user_id'].'</font></p>';} ?>
<label for="password">Password:</label>
<input type="password" name="password" />
<?php if (!empty($error1['password'])){ echo '<p><font color="red">'.$error1['password'].'</font></p>';} ?>
<button class="submit" name="submit" type="submit">Login</button>
</form>
</div>
</body>
</html>
ers_header.php:
<h1>XXXXXXXXXX</h1>
<h2>YYYYYYYYYYY</h2>
<h2>ZZZZZZZZZZZZ</h2>
<?php
require_once("./includes/config_db.php");
if(isset($_SESSION['name'])){
$sql="SELECT token FROM users WHERE(user_id='$_SESSION[user_id]')";
$result=mysql_query($sql);
if (mysql_affected_rows() == 1) { // A match was made.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
if($_SESSION['tokenid'] == $row[0]){
echo '<p>Welcome';
echo " {$_SESSION['name']}";
$loggedin=1;
}else{
$loggedin=0;
}
}
}
if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')){
echo' Logout';
echo'</p>';
}
?>
logout.php
<?php
session_start();
require_once("./includes/config_db.php");
if ( !isset( $_SESSION['name'] ) ) {
header("Location: reservation.php");
exit();
} else {
$_SESSION = array(); // Destroy the variables.
session_destroy(); // Destroy the session itself.
setcookie( session_name(), '', time()-300, '/', '', 0 ); // Destroy the cookie.
header("Location:reservation.php");
}
I don't know what the problem is. I have tried a lot but couldn't find it out. Can anyone please figure out my mistake?
You really should only need to unset the $_SESSION array, not destroy the session and cookie data, try removing those lines, but also:
mysql_affected_rows should be mysql_num_rows
also this line of code is incorrect:
$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
$_SESSION[user_id] should be $_SESSION["user_id"] and you should wrap it in {}. PHP probably gives warnings about this.
and this line of code is strange:
if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')
is the $loggedin,-10 really supposed to be in substr?