We Keep Coding

After validating the login, it is not redirecting to the other page [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 months ago.
here is the validate login page:
<?php
include ("config.php");
if(isset($_POST['submit'])){
$Nmutilizador = mysqli_real_escape_string($conn, $_POST['username']);
$pass = md5($_POST['Password']);
$lvlacesso = $_POST['NivelAcesso'];
$select = " SELECT *
FROM users
WHERE NmUtilizador = '$Nmutilizador'
&& PalavraPasse = '$pass' ";
$result = mysqli_query($conn, $select);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);
if ($_SESSION['NivelAcesso'] == '1') {
// check the value of the 'status' in the db
//go to admin area
header("Location: indexadmin.php");
} else {
//go to members area
header("Location: indexposlogin.php");
}
}else{
$error[] = 'incorrect email or password!';
}
};
?>
I wanted after validating the login to redirect to the page depending on the access level , I would appreciate you helping me as soon as possible, thank you
Im new at this of php

You don't start the session at the top so your If statement will not work:
You need
session_start()
as the first command.
//$_SESSION['NivelAcesso'] will be null without session_start()
if ($_SESSION['NivelAcesso'] == '1') { // check the value of the 'status' in the db
//go to admin area
header("Location: indexadmin.php");
} else {
//go to members area
header("Location: indexposlogin.php");
}
}else{
$error[] = 'incorrect email or password!';
}

PHP code appearing in header section of page

For some apparent reason, a portion of my PHP code is being shown in the header section of my page.
I am completely stumped as to why this is occurring. I have rechecked all the variables and have tested how to page renders on IE and Firefox, but the same problem occurs.
reg.php:
<?
$registration = #$_POST[`submitReg`];
// Getting all other info from form and assigning it to variables
$firstname = strip_tags(#$_POST[`fname`]);
$lastname = strip_tags(#$_POST[`lname`]);
$username = strip_tags(#$_POST[`username`]);
$email = strip_tags(#$_POST[`email`]);
$email2 = strip_tags(#$_POST[`email2`]);
$password = strip_tags(#$_POST[`password`]);
$password2 = strip_tags(#$_POST[`password2`]);
$DOBDay = strip_tags(#$_POST[`DOBDay`]);
$DOBMonth = strip_tags(#$_POST[`DOBMonth`]);
$DOBYear = strip_tags(#$_POST[`DOBYear`]);
$gender = strip_tags(#$_POST[`gender`]);
$sign_up_date = date("d-m-Y"); // Sign up date is not getting any data from the form
if ($registration) {
if ($email==$email2) {
// If both emails match, then check if user already exists:
$u_check = mysqli_query("SELECT username FROM users WHERE username='$username'"); // Count the amount of rows where username = $username
$e_check = mysqli_query("SELECT email FROM users WHERE email='$email'"); //Check whether Email already exists in the database
// checking the amount of rows where username is equal to $username - avoid two users with same username - same idea for email
$check = mysqli_num_rows($u_check);
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
// If no matches found then: 1. check all fields are completed correctly:
if ($firstname && $lastname && $username && $email && $email2 && $password && $password2 && $DOBDay && $DOBMonth && $DOBYear && $gender) {
// 1.2. check that passwords match:
if ($password==$password2) {
-------------------- CODE WHICH IS APPEARING IN THE HEADER ---------------------
// 1.2.1. Check fields are of valid length
if (strlen($username) > 25 || strlen($firstname) > 25 || strlen($lastname) > 25 || strlen($password) > 25) {
echo "The maximum character limit is 25.";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 6 characters
if (strlen($password)>25||strlen($password)<6) {
echo "Your password must be between 6 and 25 characters long!";
}
else
{
// if everything correct, encrypt passwords using MD5 before sending it to server.
$password = md5($password);
$password2 = md5($password2);
$query = mysqli_query("INSERT INTO users VALUES (``, `$firstname`, `$lastname`, `$username`, `$email`, `$password`, `$sign_up_date`)");
die("<h2>Welcome to Aston Unified</h2> Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
_______________________________________________________________________
?>
Any ideas as to why this behavior is occurring?

Seems php short tags <? is off and you have used that. Try to use <?php and then check.
If you need to use that then set
short_open_tag=On
in php.ini and restart your Apache server.

you should enable short tag in php.ini (add short_open_tag=On in your php.ini) or use <?php in place of <?

How do i solve this warning? [duplicate]

This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
I am writing a website. But i keep having a unknown error.
it says:
"Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/social business kopie/index.php on line 29"
I don't know what i have to change about my php code and i am just a beginner. Please can someone help me?
Line 29
index.php:
<?php
$reg = #$_POST['reg'];<p>
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("
Welcome to findFriends
Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>

you are mixing mysql and mysqli functions. I really recommend you to use mysqli functions, as the others are deprecated

php username check on database when user already taken

Hi i have a registration system, and it works well and save to database, I have a problem in checking on the database for the username if already exists. My script on checking database is wrong. Can someone help me on this? Below is my code
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
$res = mysql_query($sql);
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?>
problem is only in the else statement

Change :
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
To:
$sql = "SELECT
members.username
FROM
members
WHERE username = '".mysql_real_escape_string($username)."'";
$users =mysql_query($sql);
if(mysql_num_rows($users )){
$username_exists = "Username is already taken.";
}{
$username = $_POST['username'];
}
Have in mind, you need to escape your user name to avoid SQL injection! And avoid using mysql_ functions!

Before you read on; this is prone to SQL injection, and I'd love to point you to PDO.
Change your SQL statement to treat $username as a string;
SELECT members.username
FROM members
WHERE username = '$username'
Then remove the following line,
mysql_query($sql);
And finally change your if() { } condition to;
if(mysql_num_rows(mysql_query($sql))>0){

I have tried to help you with this code. Pay attention to comments. I have done more then just, answer your question: there are a bit changed logic, added sanitize of $username...
<?php
// at first let's define this variables (just for any case)
$username_error = null;
$username_exists = null;
// get username
$username = $_POST['username'];
// let's check it
if (empty($username)) {
$username_error = "Please Input Username";
// don't know in what context you use this code
// so here you need to return from function or exit
return;
}
// ... and sanitize
$username = filter_var($username, FILTER_SANITIZE_SPECIAL_CHARS); // just for example
// actually, I use active record, so can't suggest 100%-security way
// check lenght
if (mb_strlen($username) < 6 || mb_strlen($username) > 20) {
$username_error = "username must be at least 6 characters.";
// also let's exit or return
return;
}
// and now let's check it in DB
$sql = "SELECT
members.username
FROM
members
WHERE username = '$username'";
// !!! pay attention!!!
$result = mysql_query($sql); // we need append this mysql result to some variable
if (mysql_num_rows($result) > 0) { // and here we check num_rows of that result, not just tring with query!
$username_exists = "Username is already taken.";
// also let's exit or return
return;
}
// if we are in here we have sanitized $username, that's not in use.
// Enjoy!

var qc=document.forms["regform"]["email"].value;
if(qc!='') {
alert('in');
$.ajax({
url: 'search.php',
data: "check_qc=" + qc,
async:false,
success: function(response) {
if(response==1)
{
alert('Already Exists');
return false;
}
}
});
}
Now, in search.php file
$qc = $_GET['check_qc'];
$sel="select * from register where email='".$qc."'";
$res= mysql_query($sel);
$co= mysql_num_rows($res);
// echo $co;
if(count($co)>0)
echo "1";
else
echo "0";

if(mysql_num_rows($sql)>0){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
Although you should be using PDO or something else for sanitization.
Correction:
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}

ISSET Php mysql [duplicate]

This question already has answers here:
isset() function is returning true even when item is not set
(4 answers)
Closed 9 years ago.
guys how come whenever i click submit button on my form without any data in the textbox, it's saying echo 'Either your username, or email is already taken!'; . How come it still passes through this despite of the form not having any data? what could be the best explanation?
if(isset($_POST['username']) && isset($_POST['email']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return;
}
}
Please hi'm stuck with this line for 12 hours, i can't seem to move on :(

isset renders true for empty string. it checks the existence of a variable. Here is a detailed explanation.
You should use if (trim($_POST['username']) != "")

if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return;
}
}

You can also try !empty :
If you want to check both username OR email if already exist you also need to check email in select query
if(!empty($_POST['username']) && !empty($_POST['email']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username' OR email='$email'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return false;
}
else
{
echo 'Accept';
return true;
}
}