I have a problem and I hope someone will be able to find a solution.
I just changed hoster and the website doesn't work completely.
Basically the problem is that some code doesn't work.
Where it checks if(!empty($db_password) and ($md5pass == $db_password))
The echo works but the other things don't and it's not only there. I have a similar problem with other files as well.
$username = $_POST['user'];
if(isset($username))
{
$password = $_POST['password'];
$md5pass = md5($password);
$check_user = "SELECT ID,username,password FROM Members ";
$check_user .= "WHERE username = '".$username."'";
$checkuser_query = mysqli_query($dbconnection,$check_user);
while($row = mysqli_fetch_array($checkuser_query,MYSQL_ASSOC))
{
$db_userid = $row['ID'];
$db_username = $row['username'];
$db_password = $row['password'];
$db_avatar = $row['avatar'];
}
if(!empty($db_password) and ($md5pass == $db_password))
{
echo 'you are not awesome.';
setcookie("LoginAuthorised","LoginAuthorised",time()+7200,"/");
setcookie("id",$db_userid,time()+7200,"/");
setcookie("username",$db_username,time()+7200,"/");
header("Location: user.php?value=confirm");
}else
{
echo '<div id="error">Password does not match</div>';
}
}
echo '<p></p><p></p>
<div id="lg_login_form">
<form name="login_form" method="post">
<div id="lg_login_title">Log In</div>
<div id="lg_login_form2">
<label>Username:</label>
<input type="text" name="user" id="username" value="" maxlength="20" />
<label>Password:</label>
<input type="password" name="password" value="" maxlength="20" />
<input name="submit_login" type="submit" value="Log In" id="lg_submit_log" />
<p></p>
<p></p>
<div id="lg_control_text">You have to login to access User Panel</div>
</div>
</form>
<form name="register_redirect" action="user.php?value=register" method="post" id="lg_register_redirect" >
<label>If you want to login you have to register first. Registering takes only a few moments and it gives you multiple features.<br/></label>
<input name="submit_registration" type="submit" value="Register" id="lg_submit_reg_log" />
<p></p>
</form>
</div>';
You're sending headers before setcookie() is called, which is probably why you're having issues. Remove the line that says echo 'you are not awesome.';
Related
I've created 2 webpages for administrator register and login. After registration of the admin at registrationadmin.php page, it says the registration was successfully done. Once going to login webpage and entering correct credentials, it notifies me that username/password are incorrect. When I check with my database, details of admin registration are stored in the database of the admin table.
What is the problem/how can I resolve this?
Loginadmin code:
<?php
require('db.php');
session_start();
if (isset($_POST['admin_username'])){
$admin_username = stripslashes($_REQUEST['admin_username']);
$admin_username = mysqli_real_escape_string($con,$admin_username);
$admin_password = stripslashes($_REQUEST['admin_password']);
$admin_password = mysqli_real_escape_string($con,$admin_password);
$admin_password = md5($admin_password);
$query = "SELECT * FROM `admin` WHERE admin_username='$admin_username' and admin_password='".md5($admin_password)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['admin_username'] = $admin_username;
header("Location: adminindex.php");
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='loginadmin.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<h3>Admin Log In</h3>
<form action="" method="post" name="login">
<input type="text" name="admin_username" placeholder="User Name" required />
<input type="password" name="admin_password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
Back to main page
</div>
<?php } ?>
Registrationadmin.php code:
<?php
require('db.php');
if (isset($_REQUEST['admin_username'])){
$admin_username = stripslashes($_REQUEST['admin_username']); // removes backslashes
$admin_username = mysqli_real_escape_string($con,$admin_username); //escapes special characters in a string
$admin_email = stripslashes($_REQUEST['admin_email']);
$admin_email = mysqli_real_escape_string($con,$admin_email);
$admin_password = stripslashes($_REQUEST['admin_password']);
$admin_password = mysqli_real_escape_string($con,$admin_password);
$query = "INSERT into `admin` (admin_username, admin_email, admin_password) VALUES ('$admin_username', '$admin_email','".md5($admin_password)."')";
$result = mysqli_query($con,$query);
if($result){
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='loginindex.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<h2>REGISTER AS ADMIN </h2>
<form name="registration" action="" method="post">
<input type="text" name="admin_username" placeholder="Username" required />
<input type="email" name="admin_email" placeholder="Email" required />
<input type="password" name="admin_password" placeholder="Password" required />
<input type="submit" name="submit" value="Register" />
</form>
</div>
<?php } ?>
Check your insert query (I split it to 2 rows for better readability):
$query = "INSERT into `admin` (admin_username, admin_email, admin_password)
VALUES ('$admin_username', '$admin_email','".md5($admin_password)."')";
Instead of using values stored in variables $admin_username and $admin_email, you are entering just string $admin_username and $admin_email.
You must fix in same way as the password:
$query = "INSERT into `admin` (admin_username, admin_email, admin_password)
VALUES ('".$admin_username."', '".$admin_email."','".md5($admin_password)."')";
Here is the code of the username check I don't know how to make a code for the error message
<?php
if ($_POST['username']) {
include_once "connect_to_mysql.php";
$username = stripslashes($_POST['username']);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
$password = md5($password);
$sql = mysql_query("SELECT * FROM Users WHERE Us_Name='$username' AND Us_Password='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
$id = $row["Us_ID"];
$_SESSION['Us_ID'] = $id;
$username = $row["Us_Name"];
$_SESSION['Us_Name'] = $username;
header("location: Home2.php?id=$id");
}
} else {
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
exit();
}
}
?>
Add this is the code of the form.
I want the message to appear under the boxes of username and password
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
I want the message to look like something like this
errorMsg
Instead of:
print '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
Do:
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
And then in the HTML, do this:
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<?php echo $msg; ?> <!-- Here is where the message will appear -->
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
EDIT: Also, no need to exit();. Simply create the variable so you can echo it wherever you want it in your HTML by embedding your PHP in it.
Only printing will put it at the very top of the page, even before the <!DOCTYPE html>.
I cannot fetch admin credentials. I have checked the script numerous times, but cannot detect the problem. Your expert eyes can find something.
loginshed.php
<?php
include('../settings/config.php');
$username= $_POST["username"];
$password= $_POST["password"];
$sql="SELECT * FROM `adminlogin` WHERE `username`='".$username."' and `password`= '".base64_encode($password)."' ; ";
$res=dbQuery($sql) or die(mysql_error().$sql);
$rec=dbNumRows($res);
if($rec > 0)
{
$s = dbQuery("update `adminlogin` set `logintime`= '".$totaldate."' where `username`='".$username."' ; ");
$_SESSION["adminusername"]=$username;
header("location: adminhome.php");
}
else
{
header("location: index.php?msg=error");
}
?>
form
<form name="login" action="loginshed.php" method="post" onsubmit="return validate2()">
<input type="text" name="username" id="username" style="width:200px;" class="input" />
<input type="password" name="password" id="password" style="width:200px;" class="input"/>
<button type="submit" name="btnsubmit" class="input" >Login</button> <button type="reset" class="input" >Reset</button>
you might find :http://php.net/manual/en/function.password-verify.php
a little more convienant to use, select row based on username and then verify the password vs the hash.
boolean password_verify ( string $password , string $hash )
I am trying to make a simple Login system for admins. Nothing too special, since it's my first one. I am trying to verify if the username and password inputted are the same as the one in the database, and then include the rest of the page. No errors, everything works as it should, the database access is good, but it's like the if statement isn't there. It just includes the rest of the page on load.
<form action="admin.php" method="POST" class="login">
<input type="text" placeholder="Password" name="username" required>
<input type="password" placeholder="Password" name="password" required>
<input type="submit" value="Log In">
</form>
<?php
require('connect.php');
$admin = <<<SQL
SELECT *
FROM admins
SQL;
$username = $_POST['username'];
$pw = $_POST['password'];
$result = $db->query($admin);
while($row = $result->fetch_assoc()){
if($username == $row['username'] && $pw == $row['password']){
include('admininclude.php');
} else {
echo 'You are not cool enought to enter. (Username or Password wrong.)';
}
}
$db->close();
?>
Thanks in advance!
I am currently coding pages for a social network (it's only going to run locally) for my senior project and I am running in to these redirect errors that I have no clue on how to solve. There are around three pages that have the 'header('location:...') code in it. I didn't know what it would do at the different levels of coding so I put all of the coding with an equal amount of indention.
index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
$u_check = ""; //Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["user_password"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form>
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" />
<input type="password" size="25" name="user_password" id="user_password" placeholder="password" /><br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/mysql_connect.inc.php");
// starts the session
session_start();
// checks whether the user is logged in or not
$user = $_SESSION["user_login"];
if (!isset($_SESSION["user_login"])) {
header("location: index.php");
exit();
}
else
{
header("location: home.php");
exit();
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
home.php
<?
session_start();
$user = $_SESSION["user_login"];
//If the user is not logged in
if (!isset($_SESSION["user_login"])) {
header('location: index.php');
exit();
}
else
{
//If the user is logged in
echo "Hi, $user, You're logged in<br />Welcome to what is soon to be your NEWSFEED";
}
?>
You've got a catch-22 in your code:
index.php includes your function library
the function library checks for the existence of that session variable.
if the variable doesn't exist, redirect to index.php
e.g. you've written a very complicated version of the classic BASIC 10 GOTO 10.