I'm trying to make a website with a member section. To signup on the member section, you must already be in the database. You're given your username and password, then when you signup you can enter your email, address, and password.
So my problem is that I'm getting an error saying that the username or reg_id were incorrect, when I know that I am entering the correct info.
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
Here is my Login Form:
<form action="function.php?signup" method="post">
<table cellspacing="20" class="span12">
<tr>
<td>
<input type="text" name="name" placeholder="Full Name">
</td>
</tr>
<tr>
<td>
<input type="email" name="email" placeholder="Email">
</td>
</tr>
<tr>
<td>
<input type="text" name="address" placeholder="Address">
</td>
</tr>
<tr>
<td>
<input type="text" name="reg_id" placeholder="Your Registration ID">
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Password">
</td>
</tr>
<tr>
<td>
<input type="submit" placeholder="Confirm Signup" value="Confirm Signup">
</td>
</tr>
</table>
</form>
On the function.php I have a bunch of different functions etc. but the one for the signup form is:
elseif (isset($_GET['signup'])) {
$username = $_POST['username'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("
SELECT *
FROM users
WHERE username = '$username'
AND registration_id = '$reg_id' ", $con);
if (!$qry) {
mysql_close($con);
die("Query Failed: " . mysql_error());
} else {
$row = mysql_fetch_array($qry);
}
if ($_POST['username'] == $row["username"] && $_POST['reg_id'] == $row["registration_id"]) {
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry = mysql_query("
INSERT INTO users
(password, profile_email, profile_address)
VALUES ('$password', '$email', '$address')", $con);
if (!$qry) {
die("Query Failed: " . mysql_error());
} else {
header('location: index.php?success-msg=You have successfully signed up');
}
}
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}
I'm not sure what I messed up on, or if I even did that right, as I am still learning. I would like to thank anyone who helps me in advance, all help is much appreciated.
-James
$_POST['username'] should be $_POST['name'] accoding to HTML form.
Use update instead of INSERT.
Following is the corrected PATCH:
$qry = mysql_query("UPDATE users SET password='$password',profile_email='$email',profile_address='$address'
WHERE registration_id='$reg_id'");
you could use something like this :
if (isset($_GET['signup'])){//if
$username = $_POST['name'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("SELECT * FROM users WHERE username='$username' AND registration_id='$reg_id'", $con) or die(mysql_error());
$row=mysql_num_rows($qry);
if($row == '1'){ ///if regcode exists
////insert into database
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry2 = mysql_query("INSERT INTO
users(password,profile_email,profile_address)
VALUES ('$password','$email','$address')", $con) or die(mysql_error());
header('location: index.php?success-msg=You have successfully signed up');
}///if regcode exists
else{
///didn't find the reg id
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}//if
Related
I am trying to create a simple registration form. I have a file for connecting to database
conn.php
<?php
$db_name = "bp_reader";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$conn = mysqli_connect ($server_name, $mysql_username, $mysql_password, $db_name);
/*the connection here is fine*/
if($conn){ echo "connected"; }else{ echo "not connected"; }
?>
the registration php
<?php
require "conn.php";
$name = $_POST["name"];
$email = $_POST["email"];
$age = $_POST["age"];
$height = $_POST["height"];
$weight = $_POST["weight"];
$password = $_POST["password"];
//check if user exists
$sql = "select * from user_profile where user_email like '".$email."';";
$result = mysqli_query($conn, $sql);
$response = array();
if(mysqli_num_rows($result) > 0){
$code = "registration failed";
$message = "User already exists";
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}else {
$sql = "insert into user_profile values ('".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
$result = mysqli_query($conn, $sql);
$code = "registration Success";
$message = "Thank you for registration... you can login now..";
//jason data
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}
mysqli_close($conn);
?>
and i have a simple html registration form
<html>
<body>
<form action="register.php" method="post">
<table>
<tr>
<td>Name:</td>
<td>
<input type="text" name="name" /> </td>
</tr>
<tr>
<td>Email:</td>
<td>
<input type="email" name="email" /> </td>
</tr>
<tr>
<td>DOB:</td>
<td>
<input type="date" name="age" /> </td>
</tr>
<tr>
<td>height:</td>
<td>
<input type="number" name="height" /> </td>
</tr>
<tr>
<td>weight:</td>
<td>
<input type="number" name="weight" /> </td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type="password" name="password" /> </td>
</tr>
<tr>
<td>
<input type="submit" value="Register" /> </td>
</tr>
</table>
</form>
</body>
</html>
The problem is when I fill the form and submit, I get the correct response that the registration is successful however when I check my database on phpMyAdmin, the database remain unchanged. I am not able to figure out where the problem is.
If you have id field as identifier and autoincrement, you should set its:
$sql = "insert into user_profile values ('', '".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
I'm currently working on a class project where I have to verify the username and password against a database. I stored the values of the username and password in individual arrays and I'm trying to verify that the user input matches one of the values in there. However, that's not happening, and I'm not sure how to fix it. Thanks for your help!
<?
connectDB();
$sql = "SELECT* FROM employee";
$result = mysqli_query($db,$sql) or die ("SQL error: " . mysqli_error());
$row = mysqli_fetch_array($result);
$password = array();
$username = array();
while($row = mysqli_fetch_array($result))
{
$password[] = $row['emp_pword'];
$username[] = $row['emp_username'];
}
var_dump($password);
var_dump($username);
?>
<?php if (isset($_REQUEST['page1_submit'])) {
if (($_REQUEST['pword'] == $password) and ($_REQUEST['user'] == $username)) {
header('location:home_agent.php');
} else { ?>
<h2>Wrong Password! Try again.</h2>
<form method="POST" action="login.php">
<table class="info">
<tr>
<th>Username:</th>
<td><input type="text" NAME="username" />
</td>
<th>Password:</th>
<td><input type="password" NAME="pword" /></td>
</tr>
</table>
<input class="submit" type="submit" name="page2_submit" value="SUBMIT" />
<input class="submit" type="reset" value="RESET" />
</form>
<?php }
ME TOO THINKS YOU ARE WRONG .
YOU JUST EXECUTE QUERY
" SELECT * FROM TBLE_NAME WHERE username=$username AND password=$password"
check this query gives a non empty list for verify login
thats all.
This question already has answers here:
How can I get useful error messages in PHP?
(41 answers)
Closed 9 years ago.
I'm trying to create a sign up form. However whnever I click on the sign up button, the database does not get updated but just shows the blank signup.php page. Any ideas?
This is my php code
<?php
include("config.php");
//including config.php in our file
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
$qry = mysql_query($check);
$num_rows = mysql_num_rows($qry);
if ($num_rows > 0) {
// Check if username exists or not.
echo "The username you have entered already exists. Please try another username. Thank you";
echo 'Try Again';
exit;
}
// Insert the new user into the database
$query = "INSERT INTO Users (`firstname`,`lastname`,`email`,`username`,`password`,`is_active`) VALUES ('".$first_name."','".$last_name."','".$username."','".$password."','".$mail."','1');";
mysql_query($query);
echo "Thank You for Registering with us. You will now be able to use all our facilities.";
echo 'Click Here to login you account.';
exit;
}
?>
This is my html form
<html>
<head>
<title>Registration Page | Simple login form</title>
</head>
<body>
<div id="containt" align="center">
<form action="signup.php" method="post" class="form-signup">
<div id="header"><h2 class="sansserif">Sign up</h2></div>
<table>
<tr>
<td>Select Your Firstname:</td>
<td> <input type="text" name="firstname" size="20" placeholder="First name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Lastname:</td>
<td> <input type="text" name="lastname" size="20" placeholder="Last name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Username:</td>
<td> <input type="text" name="username" size="20" placeholder="User name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Password:</td>
<td><input type="password" name="password" size="20" placeholder="Password"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Email:</td>
<td> <input type="text" name="email" size="20" placeholder="Email"><span class="required">*</span>
</td>
</tr>
<tr>
<td><input type="submit" value="Sign Up" class="btn btn-large btn-primary"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
if(!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname'])
&& !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
You check if username='$user' but you didn't declared any variable with the name of '$user'.
You should write:
$check = "SELECT * from users where username = '".$username."'";
I want to create an admin page with login and if the user is logged and he is admin in my database the content must appear, if is not an admin the content will appear but without some privileges. And if the user and password did not match with any user and password form database a message error must appear.
This is my HTML code:
<form action="admin.php" method="post">
<table>
<tr><td>
<label>User:   </label> </td> <td><input type="text" class="text" name="user"/> <span></span>
</td></tr>
<tr><td>
<label>Password:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
</td></tr>
<tr ><td colspan="2">
<p align=center><input type="submit" class="submit" value="Log In" /> </p>
</td></tr>
This is my PHP code:
<?php
require_once('config.php');
$user = $_POST['user'] ;
$pass = $_POST['pass'] ;
$sql='SELECT * FROM users';
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
?>
My table is:
|ID_user| user |password|is_admin|
| 1 |admin | admin | 1 |
Thank you!
Your SQL is already.. not good. You're using mysql_, but let's skip that for now. You're not checking if the user exists and if the passwords match.
$result = mysql_query("SELECT * FROM `users` WHERE `username` = $user AND `password` = $pass");
if(mysql_num_rows($result) > 0) { //so if user exists where user = adimouse91 and pass = mouse, it'll be one
echo 'this is content for logged in users';
}
$isAdmin = mysql_fetch_assoc($result);
if($isAdmin['is_admin'] == '1') {
echo 'this is content for admins';
}
I have not taken into account password salts and hashing in general (which you should do!) or sessions. Sessions make your life easier (imagine if you could just do if($_SESSION['admin'] == 1) { }!).
I did it! The answer:
admin.php
<div id="content">
<div id="main_r">';
require_once('config.php');
if (isset($_GET['err'])){
$err=$_GET['err'];
if($err==1)
echo'<h4>Pls insert user and pass!</h4>';
else if ($err==2)
echo'<h4>User and pass are incorect!</h4>';
}
if(!isset($_COOKIE["TestCookie"]))
echo'
<form action="dologin.php" method="post">
<table>
<tr><td>
<label>User:   </label> </td> <td><input type="text" class="text" name="user"/> <span></span>
</td></tr>
tr><td>
<label>Pass:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
</td></tr>
<tr ><td colspan="2">
<p align=center><input type="submit" class="submit" value="Log In" /> </p>
</td></tr>
</table>';
else{
$curr = $_COOKIE['TestCookie'];
$sql = "SELECT user, admin FROM useri WHERE ID_user='$curr'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
echo'<h4>Welcome '.$row['user'].'</h4>
</div>';
}
dologin.php
<?php
require_once('config.php');
if (isset($_POST['user']) && isset($_POST['pass']))
{
$user = $_POST['user'] ;
$pass = $_POST['pass'] ;
$pass_hash = md5($pass);
$err = 0;
if (!empty($user) && !empty($pass))
{
$sql="SELECT ID_user FROM useri WHERE user='$user' AND password='$pass_hash'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
if ($result)
{
$num_rows = mysql_num_rows($result);
if($num_rows==0)
$err=2;
else if ($num_rows==1)
{
$ID_user = $row['ID_user'];
//echo $ID_user;
setcookie("TestCookie",$ID_user, time()+3600);
}
}
} else
$err=1;
header("Location: http://yoursite/admin.php?err=".$err);
exit;
}
?>
I have tried to implement a form that changes a password in a database, however, when I submit the details on the form, it just directs me to the target page...but shows up and the plaintext code on the browser....why is it doing this!
The form:
<h1 align="center">Change Password</h1>
<form method="POST" action="reset_pwd.php">
<table class='altrowstable' id='alternatecolor' >
<tr>
<td align="right">Username: </td>
<td><input type="TEXT" name="username" value=""/></td>
</tr>
<tr>
<td align="right">Current Password: </td>
<td><input type="password" name="password" value=""/></td>
</tr>
<tr>
<td align="right">New Password: </td>
<td><input type="password" name="npassword" value=""/></td>
</tr>
<tr>
<td align="right">Repeat New Password: </td>
<td><input type="password" name="rpassword" value=""/></td>
</tr>
<tr><td align="center">
Forgot password
</td>
<td>
<input type="submit" name="submit" value="Change Password"/>
</td>
</tr>
</table>
</form>
<br>
<?php echo $msg; ?>
and the target php page:
<?php
include('dbconfig.php');
$msg = "";
if (mysql_real_escape_string($_POST['submit'])):
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$npassword = mysql_real_escape_string(md5($_POST['npassword']));
$rpassword = mysql_real_escape_string(md5($_POST['rpassword']));
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)):
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
$dbfirstname = $rows ['firstname'];
$dblastname = $rows ['lastname'];
endwhile;
if (empty($username) || empty($password) || empty($npassword) ||
empty($rpassword)):
$msg = "All fields are required";
elseif ($numrows == 0):
$msg = "This username does not exist";
elseif ($password != $dbpassword):
$msg = "The CURRENT password you entered is incorrect.";
elseif ($npassword != $rpassword):
$msg = "Your new passwords do not match";
elseif ($npassword == $password):
$msg = "Your new password cannot match your old password";
else:
mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id =
'$username'");
$to = $email;
$subject = "YOUR PASSWORD HAS BEEN CHANGED";
$message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
because you have requested a PASSWORD CHANGE. ";
$from = "myemail#.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
endif;
endif;
?>
PLease check... What is the type of "user_id" in "user_info" table... and what are you getting in user name field from your form.
am asking about this query...
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
First $msg in target php is only for target php,won't return value back to the form
Second,you may looking for
if (isset($_POST['submit'])): instead of
if (mysql_real_escape_string($_POST['submit'])):
There is no html response from the target page to be displayed in browser. For displaying content you need to form proper html so that it can be displayed in browser.
In target page add the below html code at the end so that the message (validation or success) can be displayed.
<html><body>put your message here</body></htm>
You might have forgotten an extra ?> at the end of your included file "dbconfig.php", thus treating your target php page as html.