I've created a add user page where users can be added to the database, the code is below i would want to compare two textbox and if they are matching(password=conform password) then it should be inserted in the database , how can i achieve that in php
<?php
require("../connect.php");
error_reporting(0);
/*
if(!(adminsessioncheck()))
header('location:index.php'); */
if(isset($_POST['add']))
{
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
?>
<div style=" width:250px; margin-left:auto; margin-right:auto;">
<div class="heading1" style="text-align:center">Add a new User</div>
<br>
<form action="" method="post" onsubmit="msgbox()">
<table width="330" height="135" border="0" class="text">
<tr>
<td><label>User Name</label></td>
<td><input type="text" name="username" id="username" required></td>
</tr>
<tr>
<td><label>Password</label></td>
<td><input type="password" id="password" name="password" required></td>
</tr>
<tr>
<td><label>Confirm Password</label></td>
<td><input type="password" id="cpassword" name="cpassword" required></td>
</tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td align="center"><input type="submit" name="add" value="Add"></td></tr>
</table>
</form>
</div>
</div>
Simple.
if($_POST['password'] !== $_POST['cpassword']) {
header("location:index.php")
} else {
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
To only check after post you can do this.
if(isset($_POST['add']))
{
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
if($_POST['password'] == $_POST['cpassword'])
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
else
//create error message
}
But it would be better to check before posting. Also NEVER insert unsanitized data into your database! ever! Plus others will tell you so i might as well mention mysql is deprecated, check out mysqli instead.
if(isset($_POST['add']))
{
$username=$_POST['username'];
$password=$_POST['password'];
if ($_POST['password']!= $_POST['cpassword'])
{
echo("Password did not match! Try again. ");
}
else
{
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
}
Related
What I would like to happen is for a user to fill out a form and that information be sent to a database. I am using html and php in dreamweaver, and WAM with phpMyAdmin.
I have tried everything and I cannot seem to get my .php file to work with my localhost test server (or any server for that matter). It is a sign up registration form, and there is a html document and a php document, I will include both:
HTML Form:
<table width="15px" border="0">
<form form action="localhost.php" method="POST">
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Skype Name</td>
<td><input type="text" name="skype" /></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="email" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td>Retype Password</td>
<td><input type="password" name="repass" /></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit"/></td>
</tr>
</form>
PHP File:
<?php
$hostname= "localhost";
$database = "boost";
$username = "root";
$password = "";
$localhost = mysqli_connect($hostname, $username, $password, $database);
if(mysqli_connect_errno())
{
die('Connection Failed'.mysqli_error());
}
?>
<html>
<head>
<title>Sign Up</title>
</head>
<body>
<?php
if(isset($_POST['Submit']))
{
$username=$_Post['username'];
$skype=$_Post['skype'];
$email=$_Post['email'];
$pass=$_Post['pass'];
$repass=$_Post['repass'];
if(empty($username) || empty($skype) || empty($email) || empty($pass) || empty($repass))
{
echo "Cannot leave any field blank";
}
elseif ($pass!=$repass)
{
echo "Passwords did not match! Please try again.";
}
else
{
$sql="INSERT INTO users(Username,SkypeID,Email,Password) " .
"VALUES ('$username','$skype','$email','$pass')";
$res=mysqli_query($localhost,$sql);
if(!$res)
{
die("Query Failed" .mysqli_error($localhost));
}
else
{
echo "Welcome";
}
}
}
When I enter data into the fields to test it out, data is not sent to the localhost server (or the one connected to WAM). I don't know what I am doing wrong here. Are my HTML and PHP documents not interconnected to share values? Is there something wrong with the code? Am I not defining my database properly?
SOLUTION: My "POST" and "submit" where not being treated as case-sensitive. Thanks for the help.
Have you try to edit your php :
isset($_POST['Submit']
and change it to :
isset($_POST['submit']
variable $_POST is case-sensitive so you should use the exact same name that you assign in your html code.
CMIIW
I have a login.html file with a form having username and password field and on submit button it checks the values from the form with the mysql database.
My PHP code is in different file called login.php
The problem is that it works fine when i put correct username and password. But if i put wrong inputs or keep them empty then instead if redirecting to the login.html page it redirects to login.php page.
login.php
<?php
### Check if the Submit button is clicked
if (isset($_POST['btnSubmit']))
{
# code...
//$uname=$_POST['uname'];
//$pswd=$_POST['pswd'];
#### Connection to mySQL ####
$conn=mysqli_connect("localhost","root","","vishal") or die("Unable to connect to MySQL");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($conn,"SELECT * FROM login where username = '$_POST[uname]' AND password = '$_POST[pswd]'") or die(mysql_error());
$row = mysqli_fetch_array($result) or die(mysql_error());
$username=$row['username'];
$password=$row['password'];
if (!empty($username) AND !empty($password))
{ # code...
//$_SESSION['username'] =$password;
header('location:welcome.html');
}
else //(empty($username) AND empty($password))
{ # code...
header('location:login.html');
die();
}
}
?>
login.html
<form action="login.php" name="login_form" method="post" enctype="multipart/form-data" target="_self">
<fieldset style="width:300px; margin:auto; margin-top:100px; border:solid 2px #900; background-color:#CCC; border-radius: 50px">
<h1 style="color:#306;"> <center> Login Form </center></h1> <br> <br>
<div style="margin-left:30px;">
<table>
<tr>
<td align="right"> <label for="uname"> <strong>Username :</strong> </label> </td>
<td> <input type="text" title="Username" id="uname" name="uname" placeholder="Username" /> </td>
</tr>
<tr><td> </td><td> </td> </tr>
<tr>
<td align="right"> <label for="pswd"> <strong>Password :</strong> </label> </td>
<td> <input type="password" title="Password" id="pswd" name="pswd" placeholder="Password" /> </td>
</tr>
<tr><td><br /> </td><td> <br /></td> </tr>
<tr>
<td></td>
<td> <input type="submit" title="Submit" name="btnSubmit" id="btnSubmit" value="Submit" style="width:100px; height:26px; font-weight:bold;" /> </td>
</tr>
<tr><td><br /> </td><td> <br /></td> </tr>
</table>
</div>
</fieldset>
</form>
use this code :
$result = mysqli_query($conn,"SELECT * FROM login where username = '$_POST[uname]' AND password = '$_POST[pswd]'") or die(mysql_error());
$row_count = mysql_num_rows($result);
if($row_count==1) {
$row = mysqli_fetch_array($result) or die(mysql_error());
$username=$row['username'];
$password=$row['password'];
header('location:welcome.html');
} else {
header('location:login.html');
die();
}
You have to do like this in login.php
<?php
### Check if the Submit button is clicked
if (isset($_POST['btnSubmit']))
{
$conn=mysqli_connect("localhost","root","","vishal") or die("Unable to connect to MySQL");
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(!empty($_POST['uname']) && !empty($_POST['pswd'])) {
$result = mysqli_query($conn,"SELECT * FROM login where username = '$_POST[uname]' AND password = '$_POST[pswd]'") or die(mysql_error());
$row_count = mysqli_num_rows($result);
if($row_count==1) {
$row = mysqli_fetch_array($result) or die(mysql_error());
$username=$row['username'];
$password=$row['password'];
header('location:welcome.html');
} else {
header('location:login.html');
die();
}
} else {
header('location:login.html');
die();
}
}
?>
I know little bit of php-mysql and web programming. For my project work, i made one login module, it contains two pages but it has some errors. I use WAMP for project, whenever i feed data and press login it does not go to profile.php page and session does not start. It show same page(login.php) after Login Button Pressed From last two days i was searching for this error but i cant solve it. My project have other several pages. Here is my code.
login.php
<html>
<head>
<link rel="stylesheet" type="text/css" href="text.css" ></link>
<title>Login</title>
</head>
<body>
<div class="container" >
<div id="header" style="text-align: center;" >
<table width="500" align="center">
<tr >
<img src="logo.jpg"/>
</tr>
</table>
</div>
<div>
<table class="form" align="center" style="height:200px;padding-left:30px;float-align:center;margin-left=20px;margin-top:40px;margin-bottom:20px;text-align:;padding-left:20px;">
<form action="loginproc.php" method="POST">
<tr>
<td align="center"colspan="780px" >
<h3 style="font-family:Calibri; font-size: 22pt;font-weight: bold; color:#3B8C8C;text-align: center;">LOGIN</h3></td>
</tr>
<tr>
<td>Email ID</td>
<td><input type="email" name="emailid" maxlength="50" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pwd" /></td>
</tr>
<tr>
<td colspan="3" align="center" style="margin-bottom:20px;">
<input type="submit" name="submit" class="button" value="Login" style="margin-bottom:20px;margin-top:20px;"/>
<input type="reset" name="reset" class="button" value="Reset" style="margin-bottom:20px;margin-top:20px;"/>
</tr>
</form></table></div>
</div>
</body>
</html>
loginproc.php
<?php
if(isset($_REQUEST['submit']))
{
$server="localhost";
$user="root";
$password="";
$db="utility";
$con = mysql_connect($server,$user,$password);
if(!$con)
{
die("Cannot Connect".mysql_error());
}
else
{
if(!mysql_select_db($db,$con))
{
header('Location: login.php');
}
else
{
$email = isset($_POST['emailid'])? $_POST['emailid']:"";
$email = mysql_real_escape_string($email);
$password = isset($_POST['pwd'])? $_POST['pwd']:"";
$password = mysql_real_escape_string($password);
$access = "SELECT * FROM register WHERE (email = '$email') AND (password = '$password')";
$access = mysql_query($access);
$accessrow = mysql_num_rows($access);
if($accessrow == 1)
{
include('session.php');
$_SESSION['email'] = $email;
header('Location: profile.php');
}
else
{
header('Location: home.php');
}
mysql_close($con);
}
}
}
?>
In your code posted, you have a leading space, which would prevent your session from starting since the session cookie has to be set before any output.
*SPACE*<?php
if(isset($_REQUEST['submit']))
{
Is that space an error in your post, or is that what you really have in your login.php file?
check the DB connection and this line if(!mysql_select_db($db,$con))
just so you know, use MySQLi or PDO_MySQL instead of MySQL as its deprecated.
Your code executed here
if(!mysql_select_db($db,$con))
{
header('Location: login.php');
}
May be the given database is not present, that's why login.php page is showing.Check your database.
And try to arrange your HTML code properly. You used Form inside Table.
It should be like this
<form>
<table>
// your code..
</table>
</form>
I am trying to create simple user registration form. I have an index.html file and a register.php file. When I click the submit button it goes to the register.php page, but nothing happens. There's no error or anything. I have some echo statements in register.php but they also don't work.
This is the code for index.html:
<form action="register.php" method="post">
<table width="384" border="1" align="center">
<? echo '<tr><td colspan="2">'.$final_report.'</td></tr>';?>
<tr>
<td width="50%">Username:</td>
<td width="50%"><label>
<input name="username" type="text" id="username" size="30" />
</label></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" value="" size="30" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" type="text" id="email" size="30" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="register" type="submit" id="register" value="Register" />
</label></td>
</tr>
</table>
</form>
This is code for register.php:
<?
include_once"config.php";
if(isset($_POST['register'])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("d-m-Y");
if($username == NULL OR $password == NULL OR $email == NULL){
$final_report.= "Please complete the form below..";
}else{
if(strlen($username) <= 3 || strlen($username) >= 30){
$final_report.="Your username must be between 3 and 30 characters..";
}else{
$check_members = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
if(mysql_num_rows($check_members) != 0){
$final_report.="The username is already in use!";
}else{
if(strlen($password) <= 6 || strlen($password) >= 12){
$final_report.="Your password must be between 6 and 12 digits and characters..";
}else{
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$final_report.="Your email address was not valid..";
}else{
$create_member = mysql_query("INSERT INTO `members` (`id`,`username`, `password`,`email`, `ip`, `date`)
VALUES('','$username','$password','$email','$memip','$date')");
$final_report.="Thank you for registering, you may login.";
}}}}}}
?>
Can anyone see the error?
include_once"config.php"
You seem to be missing a space. Either make it include_once "config.php" (notice the space in between) or include_once("config.php").
Also you set $final_report in register.php but I don't see where you are actually printing anything.
Edit: I see you are trying to print $final_report in index.php. This won't work as you expect unless you include the register.php code directly into index.html. Why don't you just have a single register.php file with both the registration script and the HTML code?
I have link change password in my home page..NOw i am telling you what i am doing...
First of all i creating a html form named edit_profile.php in which i have three textboxes old password,new password,confirm password.I have attcahed this page as a link to home page for changing password.
Next page i have designed named edit_profile1.php in which i am comaparing if new password and confirm passwords are equal or not
Then i making a query to search data with password = old password
But this page is not working.Now i am giving you the code both files and in last i will tell you what type error i am facing..
edit_profile.php
<?php
session_start();
?>
<html>
<body bgcolor="pink">
<table cellpadding="10" cellspacing="6" align="center" width="500">
<form name="form" action="edit_profile1.php" method="POST" >
<tr>
<td><b><i>Your Username</i></b></td>
<td><input type="text" name="username" id="username" size="30" maxlength="30" value="<?php echo $_SESSION['employee']['username']; ?>" disabled="disabled"></td>
</tr>
<tr>
<td><b><i>Old Password</i></b></td>
<td><input type="password" name="opassword" id="opassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>New Password</i></b></td>
<td><input type="password" name="npassword" id="npassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>Confirm Password</i></b></td>
<td><input type="password" name="cpassword" id="cpassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td align="center" colspan="100"> <input type="submit" name="submit" value="Change Password"></td>
</tr>
</table>
</body>
</html>
Next Page
Next page is for edit_profile1.php
<?php
session_start();
if(isset($_POST['opassword']) && ($_POST['npassword']))
{
$con=mysql_connect("localhost","root","");
if(!$con)
{
die('Could Not Connect:'.mysql_error());
}
mysql_select_db("tcs",$con);
$a=$_POST['opassword']; //old password value
$b=$_POST['npassword']; //new password value
$c=$_POST['cpassword'];
if ($b==$c) //checking if both new passowrd and c.password are equal or not
{
$pwd=hash('sha1',$b); //new value is assigned to pwd variable
$usr=$_SESSION['employee']['username']; //this varaible have value of username
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
$result=mysql_query($query,$con);
$count = mysql_num_rows($result);
if ($count == 1)
{
$sql="update employee set Password='$pwd'";
$deepak=mysql_query($sql,$con);
if($deepak)
{
echo "Updation Successfull";
}
else
{
echo "Updation Not Possible.Some Error is there";
}
}
else
{
echo "There is some problem in macthing the old password with database password";
}
}
else
{
echo "Both Passwords are Not equal";
}
}
else
{
echo 'Error! Passwords were not sent!';
}
?>
<html>
<body bgcolor="orange">
<h4 style="position: relative;">Home Page</h4>
</body>
</html>
Error:
Every time i try to execute my programe the error is
Thhere is some problem in macthing the old password with database password
Now i am not getting where i am falling wrong.In database i have only one user row.Plz tell me what is error
Shouldn't
$query="select * from employee where Username='{$usr}' and Password='{$c}'";
be
$a = hash('sha1', $a); // added after conversation in comments
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
instead? ($a instead of $c..)
Your script seems vulnerable to mysql-injection!
Apply mysql_real_escape_string to every value you insert in your SQL-Query!
It may be possible that your comparison doesn't work because there are extra spaces in the values your retrieve from the form. Try:
$a=trim($_POST['opassword']); //old password value
$b=trim($_POST['npassword']); //new password value
$c=trim($_POST['cpassword']);
Also:
if(isset($_POST['opassword']) && ($_POST['npassword']))
will not work.
You have to use:
isset($_POST['opassword']) && isset($_POST['npassword'])