i am creating a login form and logout with sessions but when i try to login browser display an error ( i think the error is in the logged function )
anyone can help me because it make me crazy.....
**The page isn't redirecting properly
Firefox has that the server is redirecting the request for this address in a way that will never detected complete.
This problem can sometimes be caused by disabling or refusing to accept
cookies.**
login.php
<?php
ob_start();
require_once('functions.php');
if(loggedin()){
header("Location: userarea.php");
exit();
}
if(isset($_POST['login'])){
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST['rememberme'];
if($username && $password){
$login = mysql_query("SELECT * FROM rememberme WHERE username = '$username'");
while($row = mysql_fetch_assoc($login)){
$db_password = $row['password'];
if($password == $db_password)
$loginok = TRUE;
else
$loginok = FALSE;
if($loginok == TRUE){
if($rememberme == "on"){
setcookie("username", $username, time()+7200);
}else if($rememberme == "")
$_SESSION['username'] = $username;
header("Location: userarea.php");
exit();
}else{
die("incorrect username/password combination");
}
}
}else
die("please enter a username and password");
exit();
}
?>
<form action="login.php" method="post">
<p>Username<br />
<input type="text" name="username" />
</p>
<p> Password<br />
<input type="password" name="password" />
</p>
<p>
<input type="checkbox" name="rememberme">
Remember me<br />
<input type="submit" name="login" value="Log in" />
</p>
</form>
<?php ob_flush(); ?>
function.php
<?php
//session
session_start();
// connect to database
mysql_connect("localhost", "root", "") or die("could not connect to database");
mysql_select_db("rememberme") or die("could not select database");
// login check function
function loggedin()
{
$loggedin = false;
if(isset($_SESSION['username'])||isset($_COOKIE['username']))
{
$loggedin = TRUE;
}
return $loggedin;
}
?>
userarea.php
<?php
//session
session_start();
// connect to database
mysql_connect("localhost", "root", "") or die("could not connect to database");
mysql_select_db("rememberme") or die("could not select database");
// login check function
function loggedin()
{
if(isset($_SESSION['username'])||isset($_COOKIE['username'])){
$loggedin = TRUE;
return $loggedin;
}
}
?>
You have same function in two files.
function loggedin()
Try
function loggedin()
{
$loggedin = false;
if(isset($_SESSION['username'])||isset($_COOKIE['username']))
{
$loggedin = TRUE;
}
return $loggedin;
}
If you if conditions not satisfied your function will not return true or false, so you need to set initial value to false and then overwrite it if if condition satisfied.
Login.php
<?php
require_once('functions.php');
if(isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST['rememberme'];
if($username && $password)
{
$login = mysql_query("SELECT * FROM rememberme WHERE username = '".$username."'");
while($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if($password == $db_password)
$loginok = TRUE;
else
$loginok = FALSE;
if($loginok == TRUE)
{
if($rememberme == "on")
{
setcookie("username", $username, time()+7200);
}
else if($rememberme == "")
{
$_SESSION['username'] = $username;
header("Location: userarea.php");
exit();
}
}
else
{
die("incorrect username/password combination");
}
}
}
else
{
die("please enter a username and password");
exit();
}
}
?>
<form action="login.php" method="post">
<p>Username<br />
<input type="text" name="username" />
</p>
<p>Password<br />
<input type="password" name="password" />
</p>
<p>
<input type="checkbox" name="rememberme">
Remember me<br />
<input type="submit" name="login" value="Log in" />
</p>
</form>
<?php ob_flush(); ?>
functions.php
<?php
ob_start();
session_start();
error_reporting(E_ALL);
ini_set('display_errors','On');
mysql_connect("localhost", "root", "") or die("could not connect to database");
mysql_select_db("rememberme") or die("could not select database");
// login check function
if(loggedin())
{
header("Location: userarea.php");
exit();
}
function loggedin()
{
$loggedin = false;
if(isset($_SESSION['username'])||isset($_COOKIE['username']))
{
$loggedin = TRUE;
}
return $loggedin;
}
?>
userarea.php
<?php
require_once "functions.php";
echo "after login";
?>
Related
So this is my code, and I have no idea what I did wrong. The result of whatever it is that I did wrong is that every time I try to login with both of the fields filled, that is to say, that I have a password and a username entered, I get an error message saying to please fill in all fields, as though I hadn't filled one of them.
login.php
include_once 'header.php';
?>
<section class="signup-form" style="text-align:center;">
<h2>Log In</h2>
<form action="includes/login.inc.php" method="post">
<input type="text" name="uid" placeholder="Username/Email">
<br><br>
<input type="password" name="pwd" placeholder="Password">
<br><br>
<button type="submit" name="submit">Log In</button>
</form>
<?php
if(isset($_GET["error"])){
if($_GET["error"] == "empty input") {
echo "<p style='color:red; text-align:center;'>Please fill in all fields!</p>";
}
if($_GET["error"] == "wronglogin") {
echo "<p style='color:red; text-align:center;'>wrong login info. Try again</p>";
}
}
?>
</section>
login.inc.php
<?php
if(isset($_POST["submit"])){
$username = $_POST['uid'];
$pwd = $_POST['pwd'];
require_once 'dbh.inc.php';
require_once "functions.inc.php";
if (emptyInputLogin($username, $pwd) !== false) {
header('location: ../login.php?error=empty input');
exit();
}
loginUser($conn, $username, $pwd);
}
else {
header('location: ../login.php');
exit();
}
functions.inc.php
function emptyInputLogin( $username, $pwd ) {
$result;
if (empty($username) || empty($pwd)){
$result = false;
}
return $result;
}
You need to return true if any of them are empty and false if they are not.
function emptyInputLogin( $username, $pwd ) {
$result = false; // default value to return
if (empty($username) || empty($pwd)){
$result = true;
}
return $result;
}
This function can also be written as:
function emptyInputLogin( $username, $pwd ) {
return empty($username) || empty($pwd);
}
since empty($username) || empty($pwd) will evaluate as true/false.
Your if-statement can also be changed to just
if (emptyInputLogin($username, $pwd))
which makes it easier to read.
Or even easier, skip the function altogether in your login.inc.php file:
if (empty($username) || empty($pwd)) {
header('location: ../login.php?error=empty input');
exit;
}
Only the last line of if/else statement is working.
How do i solve this? the result is
Please enter a user name and password
the following is the php code :
<?php
session_start();
$username =#$_POST['username'];
$password =#$_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!==0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword)
{
echo "Your are logged in!";
$_SESSION['username']=$username;
}
else
echo "Your password is incorrect!";
}
else
die("That user doesn't exists!");
}
else
die("Please enter a user name and password");
?>
This is what I've got as my HTML form:
<html>
<form action="loginpage.php" method="post">
Username: <input type="text" name"username">
<p>
Password: <input type="password" name"password">
<p>
<input type="submit">
</form>
</html>
<?php
session_start();
$username = #$_POST['username'];
$password = #$_POST['password'];
if (!empty($_POST['submit'])) {
$connect = mysql_connect("localhost", "root", "")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username == $dbusername && $password == $dbpassword) {
echo "Your are logged in!";
$_SESSION['username'] = $username;
} else
echo "Your password is incorrect!";
} else
die("That user doesn't exists!");
}
else {
ECHO "Please enter a username and Password";
}
?>
<form method="post">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" name="submit" value="submit">
</form>
Try this But my suggestion would also be that you take if(!empty($_POST['submit'])) because when the document loads input fields will definitely be empty so it will go to the else part. where you have added the die code...avoid using die code in else use echo prompt there.
I know this error is very common and plenty of solution are mentioned but for some reason I cant get it working.
This is my index.php file which is the log in page for users
<?php
session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
header ("Location: index.php");
}
?>
...
...
<form name='log' action='loginproc.php' method='POST'>
<input type="text" placeholder="Username" name="username">
<input type="password" placeholder="Password" name="password">
<input type='submit' value='Login' onclick="return check()">
</form>
This is the loginproc.php file
<?php
require 'config.php';
require 'core.inc.php';
if(isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if(!empty($username) && !empty($password)) {
// $md5pwd = md5($password);
$query = "SELECT username FROM `login` WHERE `username` = '$username' and `password` = '$password';";
//echo $query;
//$query_run = mysqli_query($query);
//echo $query_run;
if($query_run = mysqli_query($conn,$query)) {
//echo $query_run;
$query_num_rows = mysqli_num_rows($query_run);
if($query_num_rows==0) {
phpAlert( "Invalid USERNAME or PASSWORD combination" );
echo '<script type="text/javascript">window.location = "index.php"</script>';
exit();
//echo '<p> Invalid USERNAME or PASSWORD combination <br /><br /> Click here to Login ';
}
else if($query_num_rows==1) {
//echo 'Hello';
$_SESSION['username']=$username;
header('Location: main.php');
}
}
}
else {
echo 'You Must supply a username and password';
}
}
function phpAlert($msg) {
echo '<script type="text/javascript">alert("' . $msg . '")</script>';
}
?>
The core.inc.php file
<?php
ob_start();
session_start();
function loggedin() {
if(isset($_SESSION['username'])&& !empty($_SESSION['username'])) {
return true;
}
else {
return false;
}
}
?>
you need to add an extra parameter when redirecting to index.php.
<?php
session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
if($_REQUEST['ftime']!=1)
{
header ("Location: index.php?ftime=1");
}
}
?>
You need to have the redirect go elsewhere for logged in users and bypass when not logged in:
<?php
session_start();
// if session username is set and valid, go to somewhere else
if(isset($_SESSION['username']) && !empty($_SESSION['username'])) {
// elswhere could be a profile page, or similar
header("Location: elsewhere.php");
// It is more accepted to exit after a header
exit;
}
?>
<!-- All other instances beside valid login will allow this to form to show-->
<form name='log' action='loginproc.php' method='POST'>
<input type="text" placeholder="Username" name="username">
<input type="password" placeholder="Password" name="password">
<input type='submit' value='Login' onclick="return check()">
</form>
I'm currently using a modified version of a login script I found online.
Can anybody suggest some ways of modularizing the code into functions?
Here is the code for the login page:
<?php
include("db.php");
include("login_fns.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password=md5($password);
$sql="SELECT * FROM client_login WHERE Username='$username' and Password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row = mysql_fetch_array($result);
$client_ref = $row['Client_ref'];
$user_level = $row['user_level'];
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
$_SESSION['user_level'] = $user_level;
$_SESSION['client_ref'] = $client_ref;
$_SESSION['user'] = $username;
if ($user_level == '1') {
header('Location: admin.php');
} else {
header('Location: myaccount.php');
}
}
else
{
echo "Error logging in!";
}
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>
Ideally, I'd like a function for the user account search and the session setting. I previously tried to copy snippets of this code into a separate php functions file, but it didn't seem to work.
What do you think about this? :)
The function
<?php
function checkLogin($username, $password) {
global $bd;
$returnArray=array();
$username=mysqli_real_escape_string($bd, $username);
$password=md5($password);
$getUser=mysqli_query($bd, "SELECT `Client_ref`,`user_level` FROM client_login WHERE Username='$username' and Password='$password'");
$arrayUser=mysqli_fetch_array($getUser);
if(mysqli_num_rows($getUser) == 0)
{
$returnArray['error']='true';
$returnArray['errormsg']='User not found in the database.';
return $returnArray;
}
$returnArray['Client_ref']=$row['Client_ref'];
$returnArray['user_level']=$row['user_level'];
return $returnArray;
}
?>
Rest of the code
<?php
include("db.php");
include("login_fns.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$username=$_POST['username'];
$password=$_POST['password'];
$loginArray=checkLogin($username, $password);
if(!isset($loginArray['error']))
{
$_SESSION['user_level'] = $loginArray['Client_ref'];
$_SESSION['client_ref'] = $loginArray['user_level'];
$_SESSION['user'] = $username;
if($loginArray['user_level'] == '1')
{
header('Location: admin.php');
}
else
{
header('Location: myaccount.php');
}
}
else
{
echo "Error logging in!";
echo "The detailed error message is: ".$returnArray['errormsg'];
}
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>
I am learning how to use "setcookie", however, I couldn't get following line to work,
I have pasted all my codes here, if someone could give me a hand please?
Have no idea the reason.
Many thanks.
else{ die ("hahahahahahahahahahahahahaha"); }
HTML code
<form method="POST" action="">
<div class="error"><?php echo $error;?></div>
<p></p>
<label>Username: </label><br>
<input type="text" name="username"><br>
<label>Password: </label><br>
<input type="password" name="password"><br>
<input type="checkbox" name="rememberme"> Remember me<br>
<input type="submit" name="submit" value="Login">
PHP CODE
<?
if(isset($_POST['submit'])){
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = isset($_POST['rememberme']);
echo $rememberme;
if($username&&$password){
$login = mysql_query("SELECT * FROM form WHERE username='$username'");
while ($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if (md5($password)== $db_password)
{
$logstatus = TRUE;
}
else{
$logstatus = FALSE;
}
if ($logstatus == TRUE)
{
if ($rememberme == "1")
setcookie("username", $username, time()+600);
else if ($rememberme == "")
$_SESSION['username'] = $username;
echo " I am here";
}
else{
die ("hahahahahahahahahahahahahaha"); //unable to get here
}
}
}
else{
echo "enter username / password";
}
}
?>
Try this code, I haven't tested it but is should works :)
session_start();//dont forget this :P
if(isset($_POST['submit'])){
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = isset($_POST['rememberme']);
echo $rememberme;
if($username&&$password){
$login = mysql_query("SELECT * FROM form WHERE username='$username' AND password='".md5($password)."'");
if (mysql_num_rows($login))//if this returns 1 you are logged in
{
if ($rememberme == "1")
setcookie("username", $username, time()+600);
else
$_SESSION['username'] = $username;
echo " I am here";
}else{
die ("Incorrect Username/Password"); //unable to get here
}
}
}
else{
echo "enter username / password";
}
}
The while loop is causing the issue, simply remove it.
Well I didn't tested the code but trying following might help.
Add line:
$logstatus = TRUE;
before while.
Justification:
Scope of variable finishes as soon as block finishes. defining logstatus outside while will make sure its scope do not end where it is required.