I am making a web with a login system which is working fine.
I have also made a page which one has to log in to view. It is also working fine and when a user logs in it also gives a welcome "username" message.
However for an unknown reason this session variable is not being stored to the other pages. The thing is that I used the same methods which I used for the page with login restrictions.
Below is my login page. (works fine).
<?php
session_start();
?>
<form id="login_form" method="post" action="">
<p>
<?php
if(isset($_POST["username"]) && isset($_POST["password"])){
$username = $_POST["username"];
$password = $_POST["password"];
if(strlen($username) < 4 || strlen($password) < 4){
echo "Username or Password are invalid.";
}else{
require("connect.php");
$login = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' ") or die(mysql_error());
if(mysql_num_rows($login) == 0){
echo "Username or Password are incorrect!";
} else{
require("member.php");
$member_info = mysql_fetch_assoc($login);
setMember($member_info["id"]);
$_SESSION['user'] = "$username";
echo "Welcome ".$member_info["fname"]." ".$member_info["lname"]."<br />";
echo "Redirecting... Please wait.";
jumpTo("my_logs_testing.php",2);
}
//Free result & close connection.
mysql_free_result($login);
mysql_close($link);
}
}else{
}
?>
</p>
<table frame="box" bgcolor="" width="40%" border="0" cellpadding="6" align="center">
<tr>
<td colspan="2"><div align="center"><font color="#FFFFFF"><strong>Diving Advisor | Log In System</strong></font> </div> </tr>
<tr>
<td width="25%"><font color="#FFFFFF"><strong><label for="username2">Username:</label></strong></font></td>
<td width="75%" align="left"><input name="username" type="text" id="username" size="30" maxlength="20" /></td>
</tr>
<tr>
<td><font color="#FFFFFF"><label for="password"><strong>Password:</label></strong></font></td>
<td align="left"><input name="password" type="password" id="password" size="30" maxlength="20" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit_login" id="submit_login" value="Log In" /></td>
</tr>
</table>
</form>
This is the page with login restriction (works fine).
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
if( !isMember() ){
header("Location: login.php");
} else {
?>
<?php
if(mysql_connect('localhost', 'root','') && mysql_select_db('diving_advisor')){
echo "Welcome ".$current_user;
$errors = array();
if(isset($_POST['datepicker'],$_POST['location'],$_POST['description'])) {
cont.......................
And this is one of the the other pages which is not working (session variable seems to be lost! HERE IS THE PROBLEM!!!!
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
?>
Here is code from template.......................
Then the editable region....
<?php
echo $current_user;
?>
<p><strong>Heading 1</strong></p>
<p>This is the home page of the diving advisor application.
Lore......
echo $currentuser is printing nothing on the page. It is suppose to print the logged in user but for some reason it is not.
Please help cause i really do not know what is wrong!!
Tks in advance.
session_start();
Needs to be the first thing that is called on each page.
Related
<?php
session_start();
include_once 'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header("Location: home.php");
}
if (isset($_POST['btn-login'])) {
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res = mysql_query("SELECT * FROM telecomt_user WHERE email='$email'");
$row = mysql_fetch_array($res);
if ($row['password'] == md5($upass)) {
$_SESSION['user'] = $row['user_id'];
header("Location: home.php");
} else {
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
This is my code for fetching data from database to let the user to log in by email and password. My table name is "telecomt_user".
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td><input type="text" name="email" placeholder="Your Email" required /> </td>
</tr>
<tr>
<td><input type="password" name="pass" placeholder="Your Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="btn-login">Sign In</button></td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
And this my html form code. The code works fine in localhost but when I uploaded it to my server it does not work. It always executes this line:
<script>alert('wrong details');</script>
Is it problem in my database? But I am using the same name and pattern what I used in my localhost and also my sign up form works with the same database. My "dbconnect.php" file is also okay. What is the problem?
instead of $row['password'] , can you try to type the column of the password in the string, for example $row[0] (if password column is the first column).
I think you have to put break point in each condition like
if(your condition){
echo "something";exit;
}else{
echo "nothing";exit;
}
Better to do checking on query only email and password
$res=mysql_query("SELECT * FROM telecomt_user WHERE email='$email' AND password='md5($upass)'");
$row=mysql_fetch_array($res);
Now condition login or not
if(count($row)>=1){
//login
}else{
// credentials wrong message
}
Here is each one of my .php pages. I can get it to register and go onto my local server. However when I go to the login page and actually login it will not redirect to the members page. I am not sure what the issue it. I am pretty new to PHP and the code looks decent. Very simple but I am trying to get this to work. Any help is appreciated. Thanks.
config.php
<?php
$host = "localhost";
$username = "root";
$password = "root";
$db = "motofoto";
//Connect to MySQL Server
$con = mysqli_connect($host,$username,$password,$db) or die("Can not connect to Server.");
?>
Login.php
<?php
session_start();
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
header( "Location: members.php" ); //isset check to see if a variables has been 'set'
}
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "")
{
echo "Please fill in all the information!";
}
//Check to see if the username AND password MATCHES the username AND password in the DB
else
{
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user' and password = '$pass'") or die("Can not query DB.");
$count = mysqli_num_rows($query);
if($count == 1){
//YES WE FOUND A MATCH!
#$_SESSION['username'] = $user; //Create a session for the user!
header ("Location: members.php");
}
else{
echo "Username and Password DO NOT MATCH! TRY AGAIN!";
}
}
}
?>
<html>
<table>
<tr>
<form name="register" method="post" action="login.php">
<td>
<table>
<tr>
<td colspan="3"><strong><center>Login </center></strong></td>
</tr>
<tr>
<td>Username</td>
<td>:</td>
<td><input autofocus name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table>
<tr>
<td>Not a Member? Register</td>
</tr>
</table>
</html>
register.php
<?php
session_start(); //Must Start a session.
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
//'isset' check to see if a variables has been 'set'
if(isset($_SESSION['username'])){
header("location: members.php");
}
//Check to see if the user click the button
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
$rpass = $_POST['rpass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$rpass = stripslashes($rpass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
$rpass = mysqli_real_escape_string($con, $rpass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "" || $rpass == "")
{
echo "Please fill in all the information!";
}
else
{
//Check too see if the user's Passwords Matches!
if($pass != $rpass)
{
echo "Passwords do not match! Try Again";
}
//CHECK TO SEE IF THE USERNAME IS TAKEN, IF NOT THEN ADD USERNAME AND PASSWORD INTO THE DB
else
{
//Query the DB
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user'") or die("Can not query the TABLE!");
//Count the number of rows. If a row exist, then the username exist!
$row = mysqli_num_rows($query);
if($row == 1)
{
echo "Sorry, but the username is already taken! Try again.";
}
//ADD THE USERNAME TO THE DB
else
{
$add = mysqli_query($con,"INSERT INTO members (id, username, password) VALUES (null, '$user' , '$pass') ") or die("Can't Insert! ");
echo "Successful! <a href='members.php'> Click Here </a> to log In.";
}
}
}
}
?>
<html>
<table width="300" align="center" cellpadding="0" cellspacing="1" border="1px solid black">
<tr>
<form name="register" method="post" action="register.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong><center>Registration</center></strong></t
d>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td>Repeat Password</td>
<td>:</td>
<td><input name="rpass" type="password" id="rpass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</html>
members.php
<?php
session_start();
require "config.php";
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
echo "Hello ".$_SESSION['username'].", you are logged in. <br /> This the member's page! Nothing here :(. <a href='logout.php'>Click Here </a>to log out.";
}
else{
echo "Please <a href='login.php'>Log In </a> to view the content on this page!";
}
?>
logout.php
<?php
session_start();
require "config.php";
session_destroy();
echo "You have successfully logged out. <a href='login.php'> Click here </a> to login!";
?>
1)try to add session close function, this may help as session is possibly not saved yet.
#$_SESSION['username'] = $user; //Create a session for the user!
session_write_close();
header ("Location: members.php");
2) And as Fred mentioned try to debug with php error reporting.
3) Small note: register.php => change link to Login.php not members.php
echo "Successful! <a href='Login.php'> Click Here </a> to log In.";
PS: I tested your script and it worked fine even without session_write_close();
Alternatively you can use following function to redirect through java script. It's not the solution but you can use as alternative.
function redirect($url)
{
echo $data= "<script type='text/javascript'> window.location.href = '".$url."'; </script>";
break;
}
I have a login section in my main page I called this section as a seperated part it contains the following code :
<?php
if($_POST['submit'])
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password);
$users = $GLOBALS['db']->query("SELECT * FROM users WHERE email='$email' AND password='$password'") or $GLOBALS['db']->raise_error(); // Leaving 'raise_error()' blank will create an error message with the SQL
$users_number = $GLOBALS['db']->num_rows($users);
if(!empty($users_number))
{
while($users_sql = $GLOBALS['db']->fetch_array($users))
{
$is_banned = $users_sql['is_banned'];
// To check blocked users
if($is_banned == 1)
{
$_SESSION['login_error_msg'] = "this users is blocked.";
header('Location:./');
}
else
{
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
header('Location:./');
}
}
}
else
{
$_SESSION['login_error_msg'] = "Wrong username or password";
header('Location:./');
}
}
else
{
?>
<table class="fast_login_container">
<tr>
<td>
<form name="login_form" action="./" method="post">
<table class="fast_login" border="0">
<tr>
<colspan="3">
<?php
if($_SESSION['login_error_msg'])
{
echo $_SESSION['login_error_msg'];
}
?>
</td>
</tr>
<tr>
<td>
<input name="email" type="email" placeholder="Kullanıcı adı" />
</td>
<td>
<input name="password" type="password" placeholder="Parola"/>
</td>
<td >
<input name="submit" type="submit" value="Giriş"/>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
}
?>
This code create the login form and when the user enters the email and password I check them in the same page in the php part.
My problem If I have a wrong email or password I should show an error message for that I save the error message in a session variable and call it in the html part after redirecting to the main page(where the login form is).
I can not show the error message. I print the session array befor the header('location:./') and after it ; befor it prints the error message after it does not print any thing.
PS: the session_start() is in the header file which I include it as following :
<?php
session_start();
?>
<body>
<table class="body_table" border="1">
<tr><td><?php include_once("include-parts/header_parts.php")?></td></tr>
The login part is in header_parts.php .
what should I edit here to get the error messages???
The problem is php unables to set session just before redirect to other page. You should use session_write_close() before each header("") function. e.g.
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
session_write_close();
header('Location:./');
Here is a problem i am having.
I have a loginform.php and when the user clicks the login button I want to display an error message on the same 'loginform.php' on my '#diverror' div if the user dose not exist.
loginform.php
<form method="post" action="login.php">
<div style='width:500px;margin:auto;border:2px solid darkgrey;margin-top: 50px;'>
<table id='logintable'>
<tr>
<td colspan="2" style='text-align: center;font-weight: bold;'>Login</td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><button type= submit>Login</button></td>
</tr>
</table>
<div id="diverror"> </div>
</div>
</form>
login.php
<?php
require 'connect.php';
$username= $_POST['username'];
$password= $_POST['password'];
$sqlcommand = "SELECT * FROM user WHERE username = '$username'";
$result = mysql_query($sqlcommand,$db);
include 'loginform.php';
if(mysql_num_rows($result)>=1)
{
$row = mysql_fetch_assoc($result);
$dbpass = $row['password'];
$dbuser = $row['username'];
$dbactive = $row['active'];
$_SESSION['username']=$dbuser;
header ('Location: index.php');
}
else // If the user dose not exist,
{
//Display this message on the loginform.php > #diverror
}
?>
Store error message in SESSION...
else // If the user dose not exist,
{
$_SESSION['msg']="User does not exist";
header("Location: loginform.php");
exit();
}
then just echo SESSION variable, after displaying message you need to unset session variable.
<div id="diverror">
<?php echo $_SESSION['msg'];
unset($_SESSION['msg']); ?>
</div>
NOTE: must start session at the beginning of the both files..
session_start();
To avoid this showing up even when a user has not logged in yet, use
<div class="text-error ">
<?php
session_start();
if (isset($_SESSION['msg']))
{
echo $_SESSION['msg'];
}
unset($_SESSION['msg']); ?>
</div>
This way, error will only show up if msg has been set and this can only happen when user submits.
My headers were working on my localhost but not working online.
<?php
require_once 'func/func.php';
if(isset($_POST['sub'])){
$user = trim(mysqli_real_escape_string($dbc,$_POST['username']));
$pass = mysqli_real_escape_string($dbc,$_POST['pass']);
$sql = "select * from register where matric = '$user' and passw ='$pass'";
$result = mysqli_query($dbc,$sql) or die(mysqli_error($dbc));
$num = mysqli_num_rows($result) or die(mysqli_error($dbc));
if($num == 1){
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['fname'].' '.$row['lname'];
$_SESSION['trader'] = $row['trader'];
$_SESSION['pic'] = $row['passport'];
$_SESSION['username'] = $row['username'];
error_reporting(E_ALL | E_WARNING | E_NOTICE);
ini_set('display_errors', TRUE);
flush();
header("Location: home/home.php");
die('should have redirected by now');
echo $pass;
}else{
echo "Invalid User Name or Password";
}
}
?>
<html><head>
</head>
<body>
<form action="" method="post">
<table width="409" border="0" align="center" cellpadding="4" cellspacing="4">
<tr>
<td width="166">User Name</td>
<td width="215">
<input type="text" name="username" id="text1">
</tr>
<tr>
<td>Password</td>
<td><p>
<input type="password" name="pass" id="password1">
</tr>
<tr>
<td colspan="2" align="center"><input name="sub" type="submit" value="Login" /></td>
</tr>
</table>
<? if(isset($msg)) echo $msg; ?> </form>
</body></html>
the func file contains the session and mysqli connect file it is working on localhost.
with all errors on it is not dispaying error. it is outputing shoul have redirected by now. please help me out
Your redirect works.
The problem is the URL is not correct.
Try it like this:
header("Location: http://site.com/home/home.php");
Try this way:
header("Location: ./home/home.php");