Error message everytime

Error message everytime - php

This error has started ever since I hired a new developer for my website.
It just echos WRONG! when it is obviously the right login details.
Can you help me?
<?php
include "global.php";
?>
<h2>Login</h2>
<?php
echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. ";
?>
<br>
<br>
<?php
if(isset($_POST["email"])){
$email = $_POST["email"];
$password = sha1($_POST["password"]);
$check = mysqli_num_rows($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
if($check == 1){
echo "Logged in!";
}
else {
echo "WRONG!";
}
}
?>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
Email <input name="email" placeholder="Email Address" required="" type="text"><br>
Password <input name="password" placeholder="Password" required="" type="password"><br>
<input type="reset" value="Start Over">
<input type="submit" value="Login">
</form>

You are not at all executing the query !
See here
$check = mysqli_num_rows($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
You need to execute your query with mysqli_query() which is missing on your code.

Related

How to make an error msg with invalid username/password appear under the username/password boxes

Here is the code of the username check I don't know how to make a code for the error message
<?php
if ($_POST['username']) {
include_once "connect_to_mysql.php";
$username = stripslashes($_POST['username']);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
$password = md5($password);
$sql = mysql_query("SELECT * FROM Users WHERE Us_Name='$username' AND Us_Password='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
$id = $row["Us_ID"];
$_SESSION['Us_ID'] = $id;
$username = $row["Us_Name"];
$_SESSION['Us_Name'] = $username;
header("location: Home2.php?id=$id");
}
} else {
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
exit();
}
}
?>
Add this is the code of the form.
I want the message to appear under the boxes of username and password
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
I want the message to look like something like this
errorMsg

Instead of:
print '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
Do:
$msg = '<br /><br /><font color="#FF0000">Invalid User Or Pass </font><br />';
And then in the HTML, do this:
<form action="Home.php" method="post" enctype="multipart/form-data" name="loginform" id="loginform">
<input type="text" id="username" placeholder="Email or Username"/>
<input type="password" id="password" placeholder="Password"/>
<?php echo $msg; ?> <!-- Here is where the message will appear -->
<input type="submit" id="login_button" value="Login">
<p id="reset_password">Forget your password? Reset it here.</p>
</form>
EDIT: Also, no need to exit();. Simply create the variable so you can echo it wherever you want it in your HTML by embedding your PHP in it.
Only printing will put it at the very top of the page, even before the <!DOCTYPE html>.

trying to check user entered mail already in database or not

can anyone help me where exactly I am going wrong with this code? I got wrong when I am trying to check if email already exists in database or not.
how can I check if email exists in DB or not?
<html>
<h1> Registration Form </h1>
<body>
<form method="post" action="">
<input type="text" name="fname" placeholder="first name" required><br><br>
<input type="text" name="lname" placeholder="last name" required><br><br>
<input type="text" name="mail" placeholder="mail" required> <br><br>
<input type="PASSWORD" name="pass1" placeholder="password" required> <br><br>
<input type="PASSWORD" name="pass2" placeholder="repeat password" required> <br> <br>
<input type="submit" name="submit">
</form>
<?php
if(isset($_POST['submit']))
{
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$mail = $_POST['mail'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 !== $pass2)
{
echo "password in correct ";
}
else
{
$db = mysqli_connect("localhost","root","","reviewsystem");
$check = "SELECT * FROM registers WHERE $mail = email";
if($check == TRUE){
echo "email already exists";
}
else{
$query = "INSERT INTO registers(fname,lname,email,password) VALUES('$fname','$lname','$mail','$pass1')";
mysqli_query($db,$query);
echo " you are registered succesfully";
}
}
}
?>
</body>
</html>

First thing first: you didn't perform any kind of query. You just created a string. Add a line:
$db = mysqli_connect("localhost","root","","reviewsystem");
$check = "SELECT * FROM registers WHERE $mail = email";
$result = mysqli_query($db, $check); //i think there is a typo, mysqi_query
After that you can use mysqli_num_rows which returns number of SELECT rows that came back from DB to identify if the entry already exists:
if(mysqli_num_rows($result) > 0){
echo "email already exists";
}

The problem is in your where clause of mysql query . You must write it as
$check = "SELECT * FROM registers WHERE email = '".$mail."'"; if($check == TRUE){ echo "email already exists"; } else{

Confirm user password before registration

I'm trying to check if user entered password correctly both times, but when I press submit button when passwords don't match in the password fields, it still registers me successfully.
<?php
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password2']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '" . $username . "'");
if (mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
if ($_POST['password'] != $_POST['password2'])
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
} else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('" . $username . "', '" . $password . "', '" . $email . "')");
if ($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
} else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Member Registration</h1>
<p>Thanks for visiting! Please either Register below, or
click here to Sing In.
</p>
<br>
<br>
<div class="container" style="width:250px; height:100px;">
<form class="form-signin" method="post"
action="registrationsimple.php" name="registerform"
id="registerform">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username"
class="form-control" placeholder="Username"/><br/>
<label for="password">Password:</label>
<input type="password" name="password"
id="password" class="form-control"
placeholder="Password"/><br/>
<label for="password2">Password2:</label>
<input type="password" name="password2"
id="password2" class="form-control"
placeholder="Password"/><br/>
<label for="email">Email Address:</label>
<input type="text" name="email" id="email"
class="form-control" placeholder="Email Adress" ;/>
<br/>
<input type="submit" name="register" id="register"
value="Register" class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"/>
</fieldset>
</form>
<?php
}
?>
</div>

I found many confusing lines in your codes:
First, You declare for password A, but not password B. So, it should be:
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
Second, You declared the variables but not using it to validate, so it should be:
if ($password != $password2) {
Third, The IF and ELSE structure is not (confused what should I say), so pls check again THAT structure. that makes PHP & browser gets confused too.
Forth, You have email which you don't include it there in PHP scripts.
From the statements above, I suggest you to see this follows:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
if(empty($_POST['username']) && empty($_POST['password']) && empty($_POST['password2'])){
echo "<h1>Error</h1>";
echo "<p>Sorry, you must fill all the fields. Please go back and try again.</p>";
}
elseif ($password!=$password2) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
}
elseif (//validate the email here){
//.....................
}
else{
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
else{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
}
else{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
//REMOVE ELSE IN THIS FOLLOWS!
else{
//............ ?????????????????????
}
?>
And at Last, Please change into MySQLI ext or (best recom = PDO).

Malformatted:
<input
type="text" name="email"
id="email" class="form-control"
placeholder="Email Adress"
/>
<br />
<input
type="submit" name="register"
id="register" value="Register"
class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"
/>
Logic appears to work as you intended.

Form wont submit to handler in different part of website

Alright so, I've been racking my brain, searching the web and I just can't find an answer.
I have my form, pretty easy etc.
<form id="loginForm" method="post" autocomplete="on" action="sign/in">
<fieldset id="body">
<fieldset>
<input name="email" type="text" placeholder="User Name / Email" id="email" autocomplete="email" required>
</fieldset>
<fieldset>
<input name="password" type="password" placeholder="Password" id="password" autocomplete="password" required>
</fieldset>
<input type="submit" id="login" data-url="sign/in" value="Log In">
</fieldset>
<span>Forgot your password?</span>
</form>
However, when it submits, the Variable $_POST["email"] doesn't get submitted (and $_POST["password"] too..) Anyone have any idea why this is?
It works fine when I send it via GET method.
But for obvious reasons i'm not doing that.
Any help would be appreciated!
==EDIT==
Here is the PHP Code. Keep in mind, its just temp code so its messy.
<?php
session_start();
include("config.php");
if(!isset($_POST['email']))
{
echo "File Not Found";
}
else
{
$u = mysql_real_escape_string($_POST["email"]);
$p = hash(whirlpool, mysql_real_escape_string($_POST['password']));
$q = mysql_query("SELECT uid FROM users WHERE email='$u' AND password='$p' LIMIT 1");
//if ($num_rows == 1)
if (mysql_fetch_array($q, MYSQL_ASSOC))
{
setcookie('email', $_POST['email'], time() + 2147483647, "/");
setcookie('password', hash(whirlpool, $_POST['password']), time() + 2147483647, "/");
$_SESSION['logged'] = 1;
$qSessions = mysql_query("SELECT * FROM users WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
$iSessions = mysql_fetch_row($qSessions);
$_SESSION['uid'] = $iSessions[0];
mysql_query("UPDATE users SET lastip='".$_SERVER['REMOTE_ADDR']."' WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
mysql_query("UPDATE users SET status=1 WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
setcookie('status', $_SESSION['status'], time() + 2147483647);
header("location:index.php");
}
else
{
echo "Sorry, there is no registered account with that email or the password is incorrect. Please login again.<br />";
echo "<a href='index.php'>Home</a>";
}
}
?>

PHP not writing data in MYSQL

This is a school project and this particular page is to register a new user it does not display errors but it does not fill the MYSQL data base the connection for the database is in another page and I used the require function functions.php is where I am writing the connection function please help :(
<?php
include_once("menu.php");
?>
<form action="login.php" method="POST">
<?php
if ((isset($_POST['username']))&& (isset($_POST['password'])) && (isset($_POST['password2'])) && (isset($_POST['email'])))
{
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
if ($password == $password2)
{
require_once("functions.php");
$connection = connectToMySQL();
$Query = "SELECT count(*) FROM tbl_users WHERE username='$username'";
$Result = mysqli_query($connection,$Query)
or die("Error in the query :". mysqli_error($connection));
$row = mysqli_fetch_row($Result);
$counter = $row[0];
if ($counter > 0)
{
echo "Username alredy exsist with the movie assosiation website<br/>";
echo "<input type=\"submit\" class=\"button\" value=\"Back\"/>";
}
else
{
$insertQuery = "INSERT INTO 'tbl_users'(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";
$insertResult = mysqli_query($connection,$insertQuery)
or die("Error in the query :". mysqli_error($connection));
echo "account created !! <br />";
echo "<input type=\"button\" class=\"button\" value=\"Log In\" onclick=\"location.href='login.php'\"> ";
}
}
}
else
{
?>
<label>
<span>Username:</span>
<input id="username" type="text" name="username" placeholder="enter your Username" required />
</label></br>
<label>
<span>Password</span>
<input id="password" type="password" name="password" placeholder="enter your Password" required />
</label></br>
<label>
<span>Re-Enter Password</span>
<input id="password2" type="password" name="password2" placeholder="re-enter your Password" required />
</label></br>
<label>
<span>Email</span>
<input id="email" type="email" name="email" placeholder="enter email" required />
</label></br>
<label>
<span> </span>
<input id="submit" class="button" type="submit" name="submit" value="Submit"/>
</label>
</form>
<?php
}
?>
<?php
require_once("footer.php")
?>

remove single quote from your table name
try this
$insertQuery = "INSERT INTO `tbl_users`(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";
instead of
$insertQuery = "INSERT INTO 'tbl_users'(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";

Error in your sql statement.
Try this.
$insertQuery = "INSERT INTO tbl_users (username,password,email,role) VALUES ('{$username}',sha1('{$password}'),'{$email}','registered')";
or this
$insertQuery = "INSERT INTO tbl_users (username,password,email,role) VALUES ('".$username."',sha1('".$password."'),'".$email."','registered')";

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Error message everytime - php

You are not at all executing the query ! See here $check = mysqli_num_rows($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'"); You need to execute your query with mysqli_query() which is missing on your code.

Related

How to make an error msg with invalid username/password appear under the username/password boxes

trying to check user entered mail already in database or not

Confirm user password before registration

Form wont submit to handler in different part of website

PHP not writing data in MYSQL

Categories

Resources