Hello I am having some issue here i created a script to update users account details but when the form is filled in and submit button clicked no errors come up but at the same time no changes are made in the table
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEEP BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
SOrry for some reason the I forgotten to copy this part faceslap
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir from the code given above i think you have error in your login.php
$_SESSION['user_id'] = $user_id;
You are not assigning value to $user_id that why it is setting blank value to $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
Related
My PHP and MySQL knowledge is very little. I am trying to create a very basic login script however when I attempt to submit the credentials, I am faced with an error message that says "this page isn't working, localhost is unable to handle this request.".
Here is my signin.php script
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
$query = mysqli_query($sql);
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
?>
and this is my html
<!DOCTYPE html>
<html>
<head>
<title>Murdoch Study Assist</title>
<link rel="stylesheet" type="text/css" href="style.css">
<link href="https://fonts.googleapis.com/css?family=Baloo+Chettan" rel="stylesheet">
</head>
<body>
<div id="login">
<form method="post" action="signin.php">
<b>Login</b><br>
<br>
<input type="text" name="username" class="input" placeholder="Username"><br><br>
<input type="password" name="password" class="input" placeholder="Password"><br><br>
<input type="submit" name="submit" value="Sign In" class="sub"><input type="reset" name="reset" value="Clear" class="res"><br><br><hr><br>
<h3>Not a member?</h3>
<button>Sign Up</button>
</form>
</div>
</body>
</html>
You didn't close below if-statement :
if (isset($_POST['username']) and isset($_POST['password'])){
}//add this in the end
try this
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
$query = mysqli_query($sql);
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
}// add this tag
?>
login.php
I just want to prevent the user after the user logout and press the back button he will still logout... in the current state of my project after the user logout and press back button he will go back in the last page and still log in
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=MS932">
<title>Login Page</title>
<link rel ="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id ="frm">
<form action="process.php" method="post" >
<p>
<label>Username:</label>
<input type="text" id="email" name="user" required/>
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass" required/>
</p>
<p>
<input type="submit" id="btn" value="Login"/>
</p>
</form>
</div>
</body>
process.php
<?php
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
logout.php
<?php
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>
Initialize session variable on user login and destroy it on logout. Everytime you go to index.php, you check if that session variable exists or there is a successful login.
http://php.net/manual/en/ref.session.php
process.php
<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
$_SESSION['un'] = $username;
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
index.php
<?php
session_start();
if(!isset($_SESSION['un'])){
header("location:login.php");
}
...
?>
I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpmyadmin with apache on a localhost.
I cannot seem to figure out to problem. I have the row made in phpmyadmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying to best to figure it out. Any solutions or addition help would be great! Thank you!
login:
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
<html>
webpage:
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Locaion: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></
</body>
<html>
<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
I made a login page for my website. The connection to the database is fine, and I am typing in to the login form the correct values that are in the database. I have a md5 on the password in both the database and the code. Yet, when I check to see if any rows come back, there are none. I would just like another set of eyes to look over what is probably a stupid mistake.
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$query = "SELECT * FROM users WHERE password = '$password' AND email='$email' AND activated='1'";
$queryrun = mysql_query($query);
while($row = mysql_fetch_assoc($queryrun)) {
$fname = $row['firstname'];
echo $fname;
}
$logincheck = mysql_num_rows($queryrun);
if ($logincheck > 0) {
echo 'good, you are in our database';
} else {
echo 'sorry, you are not in our database';
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
Login <br />
<form action="login.php" method="POST">
Email: <input type="text" name="email" />
Password: <input type="password" name="password" />
<input type="submit" value="Log in" />
</form>
</body>
</html>