Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
Im trying to create an html form to change password in php.
my database is created in easyphp.
Here is the code to I wrote to change the password, when i test it nothing happened or changed.
<?
$user_name = "root";
$pass_word = "";
$database = "login";
$server = "127.0.0.1";
if(isset($_POST['submit']))
{
$oldpassword = md5($_POST['cur_password']);
$newpassword= md5($_POST['new_password']);
$confirm_password = md5($_POST['confirm_password']);
$usermane = $_SESSION['username'];
$con = mysqli_connect($server, $user_name, $pass_word,$database);
if (!$con)
{
die('Could not connect: ' . mysqli_connect_error());
}
$select=mysqli_query("select * from login where L1='$username'");
$fetch=mysqli_fetch_array($select);
$data_password=md5($fetch['password']);
if($newpassword==$confirm_password && $data_password==$oldpassword)
{
$insert=mysqli_query("update login set L2='$confirm_password' where L1='$username'");
}
if($insert)
{
echo "Password changed";
}
else
{
echo "Password not changed";
}
}
}
mysqli_close($con);
?>
<html>
<head>
</head>
<body>
<FORM NAME ="form1" METHOD ="POST" ACTION ="changepassword.php">
<p>old password<br />
<input type="password" name="current_password" /></p>
<p>New password<br />
<input type="password" name="new_password"/>
</p>
<p>Confirm password<br />
<input type="password" name="confirm_password"/>
</p>
<input name="submit" type="submit" value="Save Password" />
</body>
</html>
Please tell me what is wrong here.
Thanks :D
$usermane on line 12. Looks like a syntax error. Shouldn't you be getting any errors?
Also usermane and username mismatch
$usermane = $_SESSION['username'];
$select=mysqli_query("select * from login where L1='$username'");
change
$data_password=md5($fetch['password']);
to
$data_password=$fetch['password'];
you are already storing the passwords as hashes (at least according to your insert statement), when you take the hash of a hash you just get a new hash.
which causes $data_password to not equal $oldpassword
if($newpassword==$confirm_password && $data_password==$oldpassword)
{
$insert=mysqli_query("update login set L2='$confirm_password' where L1='$username'");
}
also as Eisa Adil pointed out
$usermane
should be
$username
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 4 years ago.
Improve this question
I am trying take some data of a specific row from the table users by checking if the username and password are correct.
I cant see why it is not working!!
EDIT: I insert the code of the whole page. I am using to form because i in the same form i have the register button and the log in button. I am checking which one the user pressed and then do things.
$host = "xx";
$user = "xx";
$pass= "xx";
$dbname = "xx";
$conn = new mysqli($host,$user,$pass, $dbname );
if ($conn->connect_error) {
die("Connection failed : ".$conn->connect_error); //fixme
}
if ( isset($_POST['login']) ) {
if ($_POST["actionb"] == 'Login') {
$username = isset($_POST["username"]) ? $conn->real_escape_string($_POST["username"]) : "";
$password = isset($_POST["password"]) ? $conn->real_escape_string($_POST["password"]) : "";
echo $username;
echo $password;
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results=$conn->query($query);
if (mysqli_num_rows($results) > 0 ) {
$_SESSION['username'] = $username;
if ($results->num_rows > 0) {
// output data of each row
while ($row = $results->fetch_assoc()) {
$email = $row["email"];
$postalcode = $row["postalcode"];
$phonenumber = $row["phonenumber"];
}
}
$_SESSION['postalcode'] = $postalcode;
$_SESSION['phonenumber'] = $phonenumber;
$_SESSION['email'] = $email;
echo "You are now logged in";
header('location: confirm.php');
} else {
//echo "Wrong username/password combination";
}
}
}
?>
<html>
<style type ="text/css">
...
</style>
<body>
<form action="" method="post">
<div class="header">
<h1>For existing users</h1>
</div>
<input type="hidden" name="actionb" value="Login" >
<label for="username"><b>Username</b></label>
<input type="text" placeholder="Enter username" name="username" required>
<label for="password"><b>Repeat Password</b></label>
<input type="password" placeholder="Repeat Password" name="password2" required>
<div class="clearfix">
<button type="submit" name="login" value="Login">Login</button>
</div>
</form>
</body>
</html>
First: like #IdontDownVote said, you should always(!) hash/encrypt passwords before storing them in a database (see php.net/manual/en/book.password.php). One hack and all your users will hate you for not doing it. ;)
Second: can it be you are getting more then one row back? (As presumed by your if ($results->num_rows > 0) { later in the code.) The error also fires then, because you check for ==1, might change it to >0.
Third: check if the mysqli_query() call was successfull by added it in your if statement with $results && mysqli_num_rows(..etc..
Fourth: the password is actually send as $_POST['password2']
Fifth: (As #FunkFortyNiner pointed out correctly) using header() as a redirection must be the first thing to output to the browser (so no echo's before that) and followed by a exit(); to prevent something else echo-ing after that (which is also not valid in PHP).
Sixth: (As #FunkFortyNiner pointed out as well) While developing, always turn error reporting on using error_reporting(E_ALL | E_STRICT | E_NOTICE); and
ini_set('display_errors', 1); at the top of you PHP. This way all errors, warnings etc are explicitly printed in the browser, so you can debug/clean/fix.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
This is the php of the login:
<?php
// Get user input values
$username = $_POST['user'];
$password = $_POST['pass'];
// Protect againts sql injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//connect to the database and selsct database
mysql_connect("localhost", "root", "//im hiding the password");
mysql_select_db("test");
//Query the database for user
$result = mysql_query("SELECT * FROM users WHERE username = '" . $username . "' && password = '" . $password . "'") or die("Failed to query database " . mysql_error());
$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password) {
echo "Login Successful Welcome: " . $row['username'];
} else {
echo "Invalid Username or Password";
}
This is the html:
<html>
<head>
<meta charset="UTF-8" />
<title>Simple Login</title>
</head>
<body>
<h1 style="text-align:center;">Simple Login</h1>
<div id="wrapper">
<form style="text-align:center;" action="process.php" method="post">
Username:
<input type="text" name="user" />
<br />Password:
<input type="password" name="pass" />
<br />
<input type="submit" name="submit" value="Login" />
</div>
</form>
</body>
<html>
Could someone tell me why the php won't check the database if the username and password is correct. Oh and when you put nothing in the username and password boxes it logs you in!
This:
$password = mysql_real_escape_string($password);
//connect to the database and selsct database
mysql_connect("localhost", "root", "//im hiding the password");
mysql_real_escape_string() REQUIRES an active connection to the DB, but you don't do that connection until AFTER. Therefore m_r_e_s() will return a boolean FALSE for failure, which you then blindly use in your query. Boolean false in a string context is a zero-length string, so your query will literally become
SELECT ... WHERE username='' && password=''
And note that mysql_*() functions are obsolete and now removed from PHP. You should NOT be using them, anywhere, for any reason.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I get this error and have tried all steps to eliminate it but can't, have also tried the steps demonstrated on stack overflow but to no avail:
error:
Parse error: syntax error, unexpected end of file in C:\wamp\www\project-Feedback form\project docs\login.php on line 80
I have attached the entire snippet of code:
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
?>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" type="text/css" href="login.css">
</head>
<body>
<div id="header">
<center><p><img src="http://www.ruparel.edu/_/rsrc/1338008090424/config/customLogo.gif?revision=29" align="left" /> <img id="image" src="http://www.auplod.com/u/pudlao4d2f7.png" /> </p></center>
</div>
<hr></hr>
<center><h1> Welcome to the Login page for <img src="http://www.auplod.com/u/uoalpd4d31a.png" /> </h1></center>
<center><h2>Please Login!</h2></center>
` <br />
<form method="post" action=" ">
<div id="radio"><b><img src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQMfjN-cd00MPhHqoKOKnUHp-VP3HSU3FBuuNDJbJL2yQF0fyWR"/>Student<input type="radio" name="radio1" value="Student"></p>
<b><img src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcSSnk6-xJ7aCZL8aODuWyRMAENzk7XIFitACfPJALdJOaTzQq1b-w" />Professor<input type="radio" name="radio1" value="Professor"></b> </div>
<div id="fields"><b>ROll no:<input type="text" name="username" ></b>
<b>Password:<input type="password" name="pwd"></b><b> <input type="submit" name="submit" value="Login"></b></div>
</form>
<?php
if (isset($_POST['submit']))
{
if (empty($_POST['username']) || empty($_POST['password']))
{
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db($connection,"feedback data");
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
//now we write php code to decide if student or teacher
$subject=$_SESSION['login_user'];
$pattern="/[2$]/";
if($_POST['radio1']=="Professor"&& preg_match($pattern,$subject)==1)//condition for teacher using BRE
{
header("location: http://localhost/project-Feedback%20form/project%20docs/selection_page_teacher.php");
}
elseif($_POST['radio1']=="Student"&& preg_match($pattern,$subject)==0)//condition for student using BRE
{
header("location: http://localhost/project-Feedback%20form/project%20docs/selection_page_student.php");
}
else
{
echo"The selection you have made is incorrect Mr.".$_SESSION['login_user'];
}
mysql_close($connection); // Closing Connection
}
}
?>
</body>
</html>
You're missing a closing brace } for one of your conditional statements, being for this one:
if (isset($_POST['submit']))
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
so I tried to make a login page for my localhost. I have a registration page that works fine, but I for some reason I can't make my login.php work
Can someone please help me?
<?php
$host = 'localhost';
$user = 'root';
$pass = '123';
$db = 'Data';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if(isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM Project WHERE username='".$username."' AND password='".$password"' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1){
echo 'Du är inloggad!';
exit();
} else {
echo 'Användarnamn eller lösenord stämmer ej med databas, var snäll försök igen';
exit();
}
}
?>
<html>
<head>
</head>
<body>
<form method="post" action="login.php">
Användarnamn: <input type="text" name="username" class="username" /><br/>
<br/>
Lösenord: <input type="password" name="password" class="password" /><br/>
<br/>
<input type="submit" value="Logga in" />
</form>
</body>
</html>
Sorry if I confuse you with some swedish echo's but that does not matter
Thanks
you have syntax error at line 13 check it and replace this line with this one
$sql = "SELECT * FROM Project WHERE username='$username' AND password='$password' LIMIT 1";
You have a missing dot from password='$password'.
You have another problem with this code. This is vunerable with SQL Injection.
Use this code:
"SELECT * FROM Project WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' LIMIT 1"
And "mysql" API is deprecated now, use rather mysqli. It is faster too.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
So i wanted to make a social network and followed some youtube videos from codeetastic, but at the forth movie, my login function didn't react properly. Do you guys have any idea?
(index.php)
<?php include "templates/nav.php"; ?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>EverTime</title>
<link rel="stylesheet" href="css/main.css"/>
<script src="js/main.js"></script>
</head>
<body>
<div id="middle">
<h1 id="welcome">Welcome to EverTime!</h1>
<form action="parse/login.php" method="post">
<input type="text" name="username" id="username" placeholder="Username..."/>
<input type="password" name="password" id="password" placeholder="Password..."/>
<input type="submit" name="submit" id="submit" value="Log in"/><a id="link" href="register.php">Create an account</a>
</form>
</div>
</body>
</html>
(login.php)
<?php
//connect
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("evertime") or die(mysql_error());
//login script
if(isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$md5pass = md5($password);
$query = mysql_query("SELECT * FROM `users` WHERE username='$username' AND password='$md5pass'");
$get = mysql_fetch_assoc($query);
if($get = ""){
echo "User does not exist";
} else {
echo "User does exist";
}
}
?>
(config.php)
<?php
//connect to database
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("evertime") or die(mysql_error());
?>
Btw, i am using xampp with php 5.4.15 and mysql (not mysql*i*)
if($get = ""){
should probably be
if($get == ""){