I try to display the user log in to the memberadd.php where i want to add other members, however, it doesn't display, instead it is blank. I post both the member add code and the log in code, it has something to do how the memberadd php didn't received the variable from the other files?
this is the memberadd code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Member Login</title>
</head>
<body>
<h1>My Member System</h1>
</body>
</html>
<?php
session_start();
require_once('sqlconnect.inc.php');
if(isset($_SESSION['membername']))
{
echo "<p>Welcome back". "<br />".$_SESSION['membername']."</p>";
$conn = #mysqli_connect($host,
$user,
$pswd,
$dbnm);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
#mysqli_select_db($conn, $dbnm)
or die ("Database not available");
}
$query = "SELECT member_name FROM team";
$result = mysqli_query($conn, $query);
if(!$result) {
echo "<p>Error with: ", $query, "</p>";
} else {
echo "<table width='10%' border='1'>";
echo "<tr><th>Member</th></tr>";
while ($row = mysqli_fetch_assoc($result)){
echo "<tr>";
echo "<td>",$row["member_name"],"</td>";
echo "</tr>";
}
echo "</table>";
mysqli_free_result($result);
}
}
//
?>
below is the login page
<?php
session_start();
require_once('sqlconnect.inc.php');
if (isset($_POST["login"]))
{
$conn = #mysqli_connect($host, $user, $pswd);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
$selectDatabase = #mysqli_select_db($conn,$dbnm)
or die("<p>The database is not available.</p>");
}
$email = $_POST['email'];
$passw = $_POST['password'];
$query = "SELECT member_email FROM team WHERE member_email = '$email' AND password = '$passw'";
$queryResult = #mysqli_query($conn,$query)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
if(mysqli_num_rows($queryResult) == 0) //user is not found
{
header('Location: login.php');
}else{
if(mysqli_num_rows($queryResult) == 1)
{
echo ("<p>User is found, Successful login!</p>");
echo('<p>member add </p>');
echo('<p>List/Remove member </p>');
echo('<p>Log out </p>');
exit();
$query2 = "SELECT member_name FROM team WHERE member_email = '$email' AND password= '$passw'";
$queryResult2 = #mysqli_query($conn, $query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$array = mysqli_fetch_row($queryResult2);
$_SESSION['membername'] = $array[0];
}
else
{
echo"<p>Email and password do not match</p>";
echo'<p>Home page </p>';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Member Login</title>
</head>
<body>
<form id='login' action='login.php' method='POST'>
<fieldset >
<legend><h1>My Team System Log in Page</h1></legend>
<?php $email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_SANITIZE_STRING) : ''; ?>
<label for='email' >Email:</label>
<input type='text' name='email' id='email' maxlength="50" value="<?php echo $email; ?>" />
</div>
<br />
<div class="elements">
<label for='password' >Password:</label>
<input type='password' name='password' id='password' maxlength="50" />
</div>
<br />
<div class="submit">
<input type='submit' name='login' value='Login' />
<input type='reset' name='Submit' value='Clear' />
<br />
<div class="elements">
Home
</fieldset>
</form>
</body>
</html>
You set the session as membername but you then try to call name. As in, you should correct the bit where you display the user's name into $_SESSION['membername'].
Blank screen is usually a parse error...
echo "<p>Error with: ", $query, "</p>";
Should be
echo "<p>Error with: ".$query."</p>";
echo "<td>",$row["member_name"],"</td>";
Should be
echo "<td>".$row["member_name"]."</td>";
Well I can tell you about what I see:
You set the session of the member name like this
$_SESSION['membername'] = $array[0];
But in memberadd.php you retrieve it like this:
echo "<p>Welcome back". "<br />".$_SESSION['name']."</p>";
So you should change to the same name you set it to :
echo "<p>Welcome back". "<br />".$_SESSION['membername']."</p>";
3 errors I see -
1. your session_start() is not at the top/start of your code.
2. you echo before setting your session value
3. you use exit(); after your echo and before setting your session value.
also, you are wide open to sql injection, and you should hash your passwords.
I am sorry guys, I've made a mistake on the early file I did, which is the signup file where people registered, and I set the session name there ['name'] instead of ['membername']. Is all fine now.
Related
Hi i have got a sample php login system script. Unfortunately when i enter correct login credentials, it refreshes and remains on the index.php prompting me to login again. My guess is that the seession may not be storing properly.
Please Find the source code below:
index.php
<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="main">
<?php
if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
{
?>
<h1>Member Area</h1>
<p>Thanks for logging in! You are <b><?=$_SESSION['Username']?><b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
<ul>
<li>Logout.</li>
</ul>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please click here to try again.</p>";
}
}
else
{
?>
<h1>Member Login</h1>
<p>Thanks for visiting! Please either login below, or click here to register.</p>
<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
register.php
<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="main">
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
}
else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Register</h1>
<p>Please enter your details below to register.</p>
<form method="post" action="register.php" name="registerform" id="registerform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
<input type="submit" name="register" id="register" value="Register" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
base.php
<?php
session_start();
$dbhost = "MY HOST"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "MY DB"; // the name of the database that you are going to use for this project
$dbuser = "MY DB USER"; // the username that you created, or were given, to access your database
$dbpass = "MYPASSWORD"; // the password that you created, or were given, to access your database
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>
logout.php
<?php include "base.php"; $_SESSION = array(); session_destroy(); ?>
<meta http-equiv="refresh" content="0;index.php">
Please note that the registration is working correctly. its just that when i log in with the correct username and password its accepts but when refreshing asks me to login again. I would like for it to remain on the members area, until the logout is clicked.
Your if condition (in your index.php file) checks if it's empty; that is wrong.
Try this:
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username']))
or
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
instead of
if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
It look like your first condition is not correct.
The condition should be, if not empty then you are logged !!!
I am currently making a login form and although there are no error as far as i know when i tried to log in, however, it doesn't show any successful message or whatsoever so i don't know if I successfully log in or not.
<?php
session_start();
require_once('sqlconnect.inc.php');
if (isset($_POST["Login"]))
{
$conn = #mysqli_connect($host, $user, $pswd);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
$selectDatabase = #mysqli_select_db($conn,$dbnm)
or die("<p>The database is not available.</p>");
}
$email = $_POST['email'];
$passw = $_POST['password'];
$query = "SELECT member_email FROM team WHERE member_email = '$email' AND password = '$passw'";
$queryResult = #mysqli_query($conn,$query)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
if(mysqli_num_rows($queryResult) == 0) //user is not found
{
header('Location: login.php');
}else{
if(mysqli_num_rows($queryResult) == 1)
{
echo ("<p>User is found, Successful login!</p>");
echo('<p>member add </p>');
echo('<p>Log out </p>');
$query2 = "SELECT member_name FROM team WHERE member_email = '$email' AND password= '$passw'";
$queryResult2 = #mysqli_query($conn, $query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$array = mysqli_fetch_row($queryResult2);
$_SESSION['membername'] = $array[0];
}
else
{
echo"<p>Email and password do not match</p>";
echo'<p>Home page </p>';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Register Page</title>
</head>
<body>
<form id='login' action='login.php' method='POST'>
<fieldset >
<legend><h1>My Team System Log in Page</h1></legend>
<?php $email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_SANITIZE_STRING) : ''; ?>
<label for='email' >Email:</label>
<input type='text' name='email' id='email' maxlength="50" value="<?php echo $email; ?>" />
</div>
<br />
<div class="elements">
<label for='password' >Password:</label>
<input type='password' name='password' id='password' maxlength="50" />
</div>
<br />
<div class="submit">
<input type='submit' name='login' value='Login' />
<input type='reset' name='Submit' value='Clear' />
<br />
<div class="elements">
Home
</fieldset>
</form>
</body>
</html>
Either you have an error from the mysql call that is being masked by using the # or the code block where you have the header function is being called. What happens if you remove the # and/or replace the header call with just a plain
echo "Debug: Test";
I looked on http://www.phpportalen.net/wiki/index.php?page=Enkel+inloggning+med+MySql+och+sessioner to how to do a simple login.
But when i try to login now it says that the username or password is wrong. So Im guessing something is not right in my control dokument, where im checking the usernamne and password to the database.
In the exampel i looked on they have it all in the same page, so im guessing I need to change more than i thougt.
This is the code in the loginside:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
<link href="stylesheet.css" media="screen" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if(!isset($_SESSION["sess_user"])){
if(isset($_GET['badlogin'])){
echo "Fel användarnamn eller lösenord, försök igen!";
}
?>
<form method="post" action="check.php">
<p>User</p>
<input name="user" type="text" />
<p>Password</p>
<input name="password" type="text" />
<input name="logIn" type="submit" value="Log in" />
</form>
<?php
}
else{
header("Location: admin.php");
}
?>
</body>
</html>
And this is the code in my controlside:
<?php
session_start();
?>
<?php
function db_escape($post){
if(is_string($post)){
if(get_magic_quotes_gpc()){
$post = stripslashes($post);
}
return mysqli_real_escape_string($post);
}
foreach($post as $key => $val){
$post[$key] = db_escape($val);
}
return $post;
}
if(isset($_POST["logIn"])){
// Connect to db
$dbConn = mysqli_connect("localhost","sabe0011","lösen","sabe0011");
$dbConn->set_charset("utf8");
// Check connection
if(mysqli_connect_errno($dbConn)){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$_POST = db_escape($_POST);
$checkUserSQL = mysqli_query($dbConn, "SELECT * FROM Users WHERE User ='{$_POST['user']}' AND Password ='{$_POST['password']}'");
if(mysqli_num_rows($checkUserSQL) == 0){
header("Location: login.php?badlogin=");
exit;
}
$_SESSION['sess_id'] = mysqli_store_result($checkUsersSQL, 0);
$_SESSION['sess_user'] = $_POST['user'];
header("Location: admin.php");
exit;
}
?>
Your parameters in your query should be escaped like:
$checkUserSQL = mysqli_query($dbConn, "SELECT * FROM Users WHERE User =" . $_POST['user'] . " AND Password = " . $_POST['password']);
But in term of security, you have to see at the prepared query here.
Well, yet another undefined index appears :
I am trying to change a select row in a database, but so far it doesn't seem to work, I only get
Notice: Undefined index: EierID in C:\WampServer\www\Hundeklubben\ChangeO.php on line 19.
I have tried some fixes, but none worked.
<?php require_once('Connections/hundeklubb.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Endring av eier</title>
<link rel="stylesheet" href="index.css" />
</head>
<body>
<?php
if(isset($_GET['EierID'])){ $name = $_GET['EierID']; }
//Tried with both $_GET and $_POST
?>
<?php
$UID = (int)$_GET['EierID'];
$query = mysql_query("SELECT * FROM eiere WHERE EierID = '$UID'") or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$navn = $row['Navn'];
$bosted = $row['Bosted'];
}
?>
<form name="form1" action="update.php" method="POST" id="form1">
<input type="hidden" name="ID" value="<?=$UID;?>">
Navn: <input type="text" name="ud_navn" value="<?=$navn?>"><br>
Bosted: <input type="text" name="ud_bosted" value="<?=$bosted?>"><br>
<input type="Submit" value="Oppdater">
</form>
<?php
}else{
echo 'No entry found. Go back';
}
?>
<?php var_dump($UID); ?>
</body>
</html>
The var_dump gives me int 0. I'm not sure what it is supposed to be.
update.php
<?php require_once('Connections/hundeklubb.php'); ?>
<?php
$ud_ID = (int)$_POST["ID"];
$ud_navn = mysql_real_escape_string($_POST["ud_navn"]);
$ud_bosted = mysql_real_escape_string($_POST["ud_bosted"]);
$query="UPDATE eiere
SET navn = '$ud_navn', bosted = '$ud_bosted'
WHERE ID='$ud_ID'";
mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
echo "<p>($ud_ID) Record Updated<p>";
}else{
echo "<p>($ud_ID) Not Updated<p>";
}
?>
It is because $_GET['EierID'] is not set.
Try this :
$UID = isset($_GET['EierID'])?$_GET['EierID']:"";
In update.php also do the same thing : $ud_ID = isset($_POST["ID"])?$_POST["ID"]:"";
If your variable doesn't exist you will get an error trying to cast that int.
<?php
if(isset($_GET['EierID'])){
$name = $_GET['EierID'];
$UID = (int)$_GET['EierID'];
}else{
//set to 0 or any default value you want to set when EierID doesn't exists
$UID = 0;
}
?>
I have a dropdown menu that is filled by a mysql database. I need to select one and have it send the information for use on the next page after clicking submit. It does populate the drop down menu like it is supposed to it just does not seem to catch the data on the next page. Here is what I have:
removeMain.php
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<form action="remove.php" method="post">
<?php
$link = mysql_connect('********', '********', '*********');
if (!$link){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("********", $link);
$res = mysql_query("SELECT * FROM cardLists order by cardID") or die(mysql_error());
echo "<select name = CardID>";
while($row=mysql_fetch_assoc($res)) {
echo "<option value=$row[ID]>$row[cardID]</a></option>";
}
echo "</select>";
?>
Amount to Remove: <input type="text" name="Remove" />
<input type="submit" />
</form>
<body>
</body>
</html>
remove.php
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<?php
$link = mysql_connect('*********', '*********', '*********');
if (!$link){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("***********y", $link);
$query = sprintf("UPDATE cardLists SET AmountLeft = AmountLeft - %s WHERE cardID = '%s'", mysql_real_escape_string($_POST["Remove"]), mysql_real_escape_string($_POST["CardID"]));
mysql_query($query);
mysql_close($link);
?>
<br />
<input type="submit" name="return" id="return" value="Update More" />
<input type="submit" name="main" id="main" value="Return To Main" />
</body>
</html>
while($row=mysql_fetch_assoc($res)) {
echo "<option value=$row[ID]>$row[cardID]</a></option>";
}
echo "<option value=$row[ID]>$row[cardID]</a></option>"; should be
echo "<option value=$row[ID]>$row[cardID]</option>";
dont know if that solves your problem, but it was the first thing i noticed
echo "<select name = CardID>";
should be:
echo "<select name = \"CardID\">";