So I have a simple database for logging in to my website, but i am having trouble with displaying whether or not a user has logged in.
session_start();
$username = $_POST['Username'];
$salt = substr($username, 0, 2);
$password = crypt($_POST['Password'], $salt);
$dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$query = $dbh->prepare("SELECT * FROM `7Ducklings` WHERE Username = ? AND Password = ?");
$array = array($username, $password);
$query->execute($array);
$numrows = $query->fetchColumn();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}else{
}
$dbh = null;
And i want this, if the user is logged in to replace the contents of this div tag:
<div id="duckdiv">
<form id="UserPass" method="POST" action="Check.php">
Username:<input type="text" placeholder="Username" name="Username">Password:<input type="password" placeholder="Password" name="Password">
<img src="ducklogin.png">
</form>
</div>
With this:
<p>"Welcome back:" $_SESSION['Username']</p>
How is this possible?
You have to start the session before using the $_SESSION superglobal array and before rendering any content.
session_start();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}
HTML view:
<?php if (isset($_SESSION['Username'])) : ?>
// render the welcome message
<?php else : ?>
// render the form
<?php endif ?>
Related
I am making a panel with PHP. It contains a login script. It's working good, just what I expect. The next step is: Echo the username.
With $_POST you can echo the username what the person has typed. So, just like: Welcome, $username.
The problem now is, that I can't echo the $_POST. It's not possible because you will redirect to another page. My question is: How can I echo a username.
My login script:
<?php
//DATABASE CONNECTION
session_start();
$host = "localhost";
$username = "root";
$password = "root";
$database = "test_tutorial";
$message = "";
try {
$connect = new PDO("mysql:host=$host; dbname=$database", $username, $password);
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$fname = $_POST["fname"];
//LOGIN CHECK
if(isset($_POST["login"])) {
if(empty($_POST["fname"]) || empty($_POST["lname"])) {
echo 'All fields required';
}
else
{
$query = "SELECT * FROM users WHERE fname = :fname AND lname = :lname";
$statement = $connect->prepare($query);
$statement->execute(
array(
'fname' => $_POST["fname"],
'lname' => $_POST["lname"]
)
);
$count = $statement->rowCount();
if($count > 0)
{
//VISITED
header("Refresh:0; url=veilig.php");
//END
}
else
{
echo 'Wrong data';
}
}
}
}
catch(PDOException $error) {
$message = $error->getMessage();
}
?>
My form:
<form action="" method="post">
<label>fname</label>
<input type="text" name="fname" class="form-control" />
<br />
<label>lname</label>
<input type="password" name="lname" class="form-control" />
<br />
<input type="submit" name="login" value="Login" />
</form>
So, how can I echo a post if someone is redirected to another page?
You've already called session_start so you're ready to use the $_SESSION superglobal which will persist data for the user across all pages that call session_start first.
For example, here on index.php
<?php
session_start();
$_SESSION['username'] = 'Prabhjot.Singh';
header('Location: veilig.php');
Then later on veilig.php
<?php
session_start();
echo $_SESSION['username'];
Prabhjot.Singh
I've been looking at my code for days, but can't seem to find the problem. I'm new in PHP, so I'm not really familiar with all of it.
Below is my code. No errors. No registered session variable values.
db-config.php
<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'mcsh';
$conn = mysqli_connect($host, $user, $pass, $db);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>
login.php
<form id="user-login" action="index.php" method="POST">
<h1>Administrator Login</h1>
<input type="text" name="username" placeholder="Username" required/>
<input type="password" name="password" placeholder="Password" required/>
<button type="submit">Login</button>
Forgot your password?
</form>
<?php
if (!empty($_POST)) {
if (!empty($_SESSION['username'])) {
header("Location: index.php");
}
$username = $_POST['username'];
$password = $_POST['password'];
include("../config/db-config.php");
$sql = "SELECT `userid`, `password` FROM users WHERE userid = '" . $username . "' AND userlevel = '99'";
$result = mysqli_query($conn, $sql);
if ($row = mysqli_fetch_assoc($result)) {
if (password_verify($password, $row['password'])) {
$_SESSION['username'] = $row['userid'];
header("Location: index.php");
exit;
}
else {
?>
<p class="msg" id="error">Invalid username or password. Please try again.</p>
<?php
}
}
else {
?>
<p class="msg" id="error">Invalid username or password. Please try again.</p>
<?php
}
}
?>
index.php
<?php
session_start();
include("../config/config.php");
if (empty($_SESSION['username'])) {
header("Location: login.php");
}
else {
//the rest of the index page...
?>
Your form in login.php submits to index.php. In index.php, if the username is not yet in the session, you are redirected back to login.php. There you check if (!empty($_POST)) { at the beginning of your PHP code.
$_POST will be empty, because you have redirected to that page, not POSTed to it, so the PHP code will not be executed.
Remove the action="index.php" and that form will submit to itself (login.php). Also, move the HTML form code below the PHP code so that you will not have output before the redirect header if the login is successful.
I was making a login page. so I already can login into another page. then in my login page I need to put remember me checkbox and PHP. so which part in this codes that I need to put my "remember me " codes ? please help me.
this is login1.php
<?php
session_start();
//database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lala";
// Create connection
$link = mysql_connect($servername,$username,$password) or die("Could not connect");
$db= mysql_select_db("$dbname",$link) or die ("Could not select database");
$login = $_POST['login'];
$password = md5($_POST['password']);
$rememberme = $_POST['remember_me'];
$result = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
$count = mysql_num_rows($result);
if($count==1)
{
//check remember me is on or off
//if off then session login
//else add cookie
$_SESSION['username'] = $login;
$_SESSION['password'] = $password;
$result1 = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
while($row = mysql_fetch_array($result1)){
$_SESSION['gp'] = $row['gpType'];
}
header('Location:dashboard.php');
}
else
{
$_SESSION['username'] = NULL;
$_SESSION['password'] = NULL;
?>
<script type = "text/Javascript">
alert("Sorry , wrong username or password");
setTimeout("location.href = 'abc.php';");
</script>
<?php
}
?>
this is my html
<p><input type="password" name="password" value="" placeholder="Password"></p>
</div>
<div id="form2">
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me
</label>
</p></div>
<div id="form3">
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
Just Use this code after getting the $login and $password
<?php
if($_POST["remember_me"]=='1' || $_POST["remember_me"]=='on')
{
$hour = time() + 3600 * 24 * 30;
setcookie('username', $login, $hour);
setcookie('password', $password, $hour);
}
?>
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
I am trying to add a welcome to user in a restricted area using PHP login system. I used this code to transfer usernale from first user login page to restricted page but it didnt work
if ( (isset($_POST['username'])) || (isset($_POST['password'])) {
$user = $_SESSION['username'];
}
Here are the files that I am using, Can you please take a look at them and let me know what I am doing wrong?
<form id="login-form" method="post" action="includes/login.inc.php">
<fieldset>
<legend>Login to Web Site</legend>
<label for="username">
<input type="text" name="username" id="username" />Username:
</label>
<label for="password">
<input type="password" name="password" id="password" />Password:
</label>
<label for="submit">
<input type="submit" name="submit" id="submit" value="Login" />
</label>
</fieldset>
I have a php login file which is like this:
<?php
require_once('config.inc.php');
require_once('functions.inc.php');
// Start session
session_start();
// Check if user is already logged in
if ($_SESSION['logged_in'] == true) {
// If user is already logged in, redirect to main page
redirect('../index.php');
} else {
// Make sure that user submitted a username/password and username only consists of alphanumeric chars
if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) OR
(!ctype_alnum($_POST['username'])) ) {
redirect('../login.php');
}
// Connect to database
$mysqli = #new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
// Check connection
if (mysqli_connect_errno()) {
printf("Unable to connect to database: %s", mysqli_connect_error());
exit();
}
// Escape any unsafe characters before querying database
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string($_POST['password']);
// Construct SQL statement for query & execute
$sql = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . md5($password) . "'";
$result = $mysqli->query($sql);
// If one row is returned, username and password are valid
if (is_object($result) && $result->num_rows == 1) {
// Set session variable for login status to true
$_SESSION['logged_in'] = true;
redirect('../index.php');
} else {
// If number of rows returned is not one, redirect back to login screen
redirect('../login.php');
}
}
?>
and on my restricted page I have:
<?php
// Start session
session_start();
if ( (isset($_POST['username'])) || (isset($_POST['password'])) {
$user = $_SESSION['username'];
}
require_once('includes/functions.inc.php');
if (check_login_status() == false) {
redirect('login.php');
}
?>
<!DOCTYPE html>
<html>
<body>
<div id="page">
<a class="welcome">
Welcome: <?php echo $user; ?>
</a>
</div>
use
$_SESSION['username'] = $_POST['username'];
and then echo out $_SESSION['username']
EDIT
<?php
// Start session
session_start();
if (isset($_POST['username']) || isset($_POST['password'])) {
require_once('includes/functions.inc.php');
if (check_login_status() == false) {
redirect('login.php');
}
$_SESSION['username'] = $_POST['username'];
}
?>
<!DOCTYPE html>
<html>
<body>
<div id="page">
<a class="welcome">
Welcome: <?php echo $_SESSION['username']; ?>
</a>
</div>