I made login.php file by following video tutorial and I am trying to make so that the page will show exist instead of blank page. I know that user exists because I made user with my name on phpMyAdmin.
Her is the code
<?php
include 'core/init.php';
if (user_exists('Denis') === true) {
echo 'exists';
}
die();
if(empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false) {
$errors[] = 'We can\'t find that username. Have you registered?';
}
}
?>
Init.php
<?php
session_start();
error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$errors = array();
?>
you are calling the die() function at line 7
this function terminates the running script
Clearly user_exists('Denis') is returning false, since it's getting past the echo 'exists'; line and hitting the die() call.
Depending on how you are returning your boolean, you might try two "==" signs rather than three. It might not be able to type cast.
You can try:
if (user_exists('Denis')) {
echo 'exists';
}
As long as user_exists('Denis') evaluates to true (i.e. is not empty or 0), you will "exists" will be echoed.
If that doesn't work, try to figure out why user_exists() is getting a falsy value. There may be something wrong with the logic to check if a user exists.
Related
I'm trying to modify a login script from a File Manager I currently use on my website.
Currently, when the login attempt fails (wrong password, blank fields, etc..) an error message is stored in the $errors variable, and at the end of the script a function will include a file.php with $errors as a parameter, so the error message can be echo'd.
What I am unsuccessfully trying to do is replacing this include + parameter($errors) by a header() + $errors.
I have been around every thread dealing with this but so far I haven't found anything that works for me, I need some help : /
Here is the part of the login script that store the error message in $errors and include the file.php :
if(!isset($_SESSION['simple_auth']['username']) || isset($_GET["login"])) {
session_destroy();
session_start();
if(isset($_POST["submit"])) {
$user = gg::getUser($_POST['username']);
if (isset($user['permissions']) && !strstr($user['permissions'], 'r')
|| ($user['username'] == 'guest' && ggconf::get('allow_guests') == false)){
$errors = "Access Forbidden";
gg::writeLog('auth bad - not activated');
}
if (!isset($_POST['username']) || !isset($_POST['password']) || $_POST['username'] == '' || $_POST['password'] == ''){
$errors = "Enter username and password.";
gg::writeLog('auth bad - blank fields');
}
if (isset($user['akey']) && $user['akey'] != '' && strpos($user['akey'], 'otp-') === false){
$errors = "Please open your email and click on the link to proceed.";
gg::writeLog('auth bad - not activated');
}
if(!$errors && $user['username'] == $_POST['username'] && gg::checkPassword($_POST['password'], $user['password'])){
$this->loginUser($user);
}
if(!$errors){
$errors = "Wrong username or password.";
gg::writeLog('auth bad - wrong username or password');
sleep(1);
}
}
if (!isset($_GET["login"]) && ggconf::get('allow_guests') == true){
$user = gg::getUser('guest');
if($user){
$this->loginUser($user);
}
// reload
header('Location: '.ggconf::get('base_url'));
die;
}
gg::display("login.php", array('errors' => $errors));
exit;
}
As you see at the end of this code is the gg::display function that will include the file and its parameter, the function gg::display is the following :
/* DISPLAY VIEWS CONTROLLER */
public static function display($view, $params = null){
require_once ggconf::get('base_path').$view;
}
And last, here is the code inside the file.php that will display the error :
<?php if (isset($params['errors'])):?>
<div class=>
<?php echo $params['errors'];?>
</div>
<?php endif;?>
How can I get my variable $errors with a header() instead of the require_once currently used in the script ?
I found a lot threads dealing with this but nothing worked for me, also note that I'm not very experienced in php yet.
Anyways, I'm thankful for the help, and any suggestions are welcome.
-apatik
If you are redirecting to another page you should store the parameters via php session
session_start(); // this should be on top
$_SESSION['errors'] = $errors; // Add this after writing an error
And here is the view
<?php if (isset($_SESSION['errors'])):?>
<div class=>
<?php echo $_SESSION['errors'];?>
</div>
<?php endif;?>
I made a script that shows the value of "school_id" in url parameter.
http://mywebsite.com/mygrade?school_id=00000
I use $_GET['school_id'] to display the ID number.
<?php echo $_GET['school_id']; ?>
But I what I want is if the parameter "school_id" is empty, I want to display the previous data entered.
Example, the user already browse http://mywebsite.com/mygrade?school_id=00000 then he browse http://mywebsite.com/mygrade?school_id= which id has no value. It will still display 00000 which is the previous ID he used.
I used this code below but doesn't work.. :(
<?php
session_start();
$_SESSION['schoo_id'] = $_GET['school_id'];
if ($_GET['school_id'] === null || $_GET['school_id'] == ""){
echo $_SESSION['schoo_id'];
}
else{
$_GET['school_id'];
}
?>
Anyone who get my point and could help me?
I'm going to break this down line by line, please let me know in the comments if I need to explain anything further:
Self explanatory:
<?php
session_start();
There is a typo here:
$_SESSION['schoo_id'] = $_GET['school_id'];
But! Fixing it won't resolve your problem. What happens if $_GET['school_id'] is not defined/blank? Guess what, $_SESSION['school_id'] is now blank. Obviously you don't want this behavior, so you'll want to only set $_SESSION['school_id'] if $_GET['school_id'] is defined
accessing $_GET['school_id'] will throw an E_NOTICE error if it isn't defined, so you'll want to instead check its existence, rather than checking to see if it is null.
if ($_GET['school_id'] === null || $_GET['school_id'] == ""){
Oh, that typo was intended. Why misspell school though? No need! :)
echo $_SESSION['schoo_id'];
What is this doing? Nothing! No echo, nothing. Just accessing a variable and doing nothing with it.
}
else{
$_GET['school_id'];
}
?>
Here's what your code should look like, or at least I believe is what you intend:
<?php
session_start();
if (isset($_GET['school_id']) && $_GET['school_id'] !== ""){
$_SESSION['school_id'] = $_GET['school_id'];
}
// $_SESSION['school_id'] will be guaranteed to be what $_GET['school_id'] is (if set)
// or whatever it was last time it was defined
// always echo it.
echo $_SESSION['school_id'];
?>
<?php
session_start();
if ($_GET['school_id'] === null || $_GET['school_id'] == ""){
echo $_SESSION['schoo_id'];
}
else{
$_GET['school_id'];
$_SESSION['schoo_id'] = $_GET['school_id']; //here set the session
}
?>
I agree with Salman A, the simplest way:
<?php
session_start();
if (is_int($_GET['school_id'])) $_SESSION['school_id'] = $_GET['school_id'];
// further use $_SESSION['school_id'] for your needs.
?>
what you need to do here is save the GET value in SESSION only if it is set for later use so this should work
<?php
session_start();
if (!isset($_GET['school_id']) || $_GET['school_id'] === null || $_GET['school_id'] == ""){
echo $_SESSION['schoo_id'];
}
else{
$_SESSION['schoo_id'] = $_GET['school_id'];
echo $_GET['school_id'];
}
?>
You almost have it.
<?php
session_start();
if (isset($_GET['school_id']) && trim($_GET['school_id']) !== '') {
// its a fair assumption to make that 'school_id' is intended to be an integer,
// however I will not make that assumption on the OP's behalf.
$_SESSION['school_id'] = $_GET['school_id'];
}
if (isset($_SESSION['school_id']) {
echo $_SESSION['school_id'];
}
else {
echo 'have not entered a school id yet';
}
?>
I've been studying PHP using only the internet, so I've been experiencing errors.
<?php
$name = $_POST['name'];
$lg = $_POST['lg'];
if (is_string($name) && is_numeric($lg)) {
header( "Location: portal.php?ejhbusbhdubr=nennuncuiecbdhbcvhebchebcdjebcdsjhbcebhfcvebhdchebhcvhervbhecbvecveh" ) ;
}
if (empty($name) && is_numeric($lg)) {
echo "Please enter your name.";
}
else {
header ("Location: index.php?invalid=true");
}
?>
I'm having problems with the second if statement. What I'm trying to do is that I'm trying to make an error message appear when the $name variable is left empty, and the $lg variable isn't. I think the is_string variable handler's the problem here. Perhaps a string can be empty. But as I said, since I don't have a book, I don't know what to change it too.
In case you still don't get what I mean,
Name: ""
LG: "1234"
I want the above to return as error. Help would be appreciated.
Try to write you condition like this:
if (empty($name) && !empty($lg))
Try it like this, I just moved your if over the first one, and changed it a bit. You have to test if the string is empty before testing, if it is a string. I mean is_string will return true even if the string is empty.
<?php
$name = $_POST['name'];
$lg = $_POST['lg'];
if (empty(trim($name)) && is_numeric($lg)) {
echo "Please enter your name.";
}
elseif(is_numeric($lg)) {
header( "Location: portal.php?ejhbusbhdubr=nennuncuiecbdhbcvhebchebcdjebcdsjhbcebhfcvebhdchebhcvhervbhecbvecveh" ) ;
die();
}
else {
header ("Location: index.php?invalid=true");
die();
}
i'm working on a php assignment for log in function using .txt file instead of db, but i'm facing with some sort of problem here. supposedly the "invalid email or password" to be shown after a non exist details key in, but when the page load, the msg showed by default, below is my code
<?php
$lines= file("customers.txt");
$matchFound=false;
$errmsg = 'Invalid email or password';
for($i=0;$i<count($lines);$i++)
{
if ($i!=0)
{
$line=trim($lines[$i]);
$cells=explode("\t",$line);
$_SESSION['email'] = isset($_POST['email'])? $_POST['email'] : null;
$_SESSION['password'] = isset($_POST['password']) ? $_POST['password'] : null;
if ($_SESSION['email']==$cells[2] && $_SESSION['password']==$cells[3])
{
$matchFound=true;
break;
}
}
}
if ($matchFound == true)
{
header('Location: login2.php');
}
else
{
echo $errmsg;
}
?>
This is because you're not checking if the user submitted the form input correctly. The value of $matchFound is FALSE by default, and the error message will always be displayed when the script is ran.
Specify a name attribute for your form submit button, and then add an if block to make sure the form was correctly submitted:
if (isset( $_POST['submitButton'] )) {
# code...
}
That way, the code inside the if block won't be run if the user input wasn't received and you could avoid the error being displayed every time you load the page.
Also, you're missing the session_start() statement at the top of your script. This is required if you want the sessions to work properly.
Try:
if ($matchFound == true)
{
header('Location: login2.php');
}
else if(isset($_POST['email']))
{
echo $errmsg;
}
Also you need session_start to use $_SESSION array
I have a problem with a project I'm working on. I'm trying to code a simply login system using PHP + Sessions. But I lose my session, and I don't really know why, the code:
index.php
<?php
session_start();
if(!isset($_SESSION['logedin'] == True)){
<form action = "login.php" method = "post" id="login-form" class = "login-form">
<input type = "text" name = "username" maxlength = "100"/>
<input type = "password" maxlength = "50" name = "password"/>
<button type="submit">Sign in</button>
</form>
}else{
echo "Loged in.";
}
?>
login.php
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if(!isset($_SESSION['logedin'] == True)){
if($username == 'username' && $password == 'password'){
$_SESSION['logedin'] = True;
header("index.php"); // Loged in
}
}
?>
The real code is not this one, because it's too long to put here, but this is a simply resume about the code... I'm losing my head, because if I open a session into index.php, it works, but if I go out of my page (in this case, login.php through form), when I back to index, session just vanish...
I got to say I don't use any frameworks or something, it's a simply form, all done with PHP.
Your parens on the first line are going to be a problem:
if(!isset($_SESSION['logedin'] == True)){
Change to:
if(!isset($_SESSION['logedin'])) {
Why are you doing a double negative on this condition? Instead of doing !isset == true, just do isset == false. This is just likely to add confusion to your code, and the more intuitive (and simplistic) your code, the better.
In your login.php you also have that line:
if(!isset($_SESSION['logedin'] == True)){
You are basically saying isset(true) == false which should always return false. Because $_SESSION['logedin'] == true is true. Change it to if (isset($_SESSION['logedin'])) which will be true if you're logged in.
Let's break this condition down a little further to see what you're doing
if (false == isset(
$_SESSION['loged'] == true // will be true if you're logged in
) // isset will return true, but you're expecting a false
)
Your isset is always going to return true. Whether $_SESSION['logedin'] == true returns true or false it will be "isset". Isset will only return false if the return value is null or the var does not exist. "False" is a value and exists. Does that make sense? Sorry if this is confusing. Basically, don't use conditions in your isset! :). Use the isset as a part of a condition, but don't pass them into the isset parameter.