Session values not being recognized - php

I was testing my script and the session values were not registering. Here is my error message:
Notice: Undefined index: email1 in /home/content/78/10212078/html/ads/new_topic.php on line 11
Notice: Undefined index: pass1 in /home/content/78/10212078/html/ads/new_topic.php on line 12
ERROR: You do not exist in the system.
And here is line 11 and 12:
$u_email = mysql_real_escape_string($_SESSION['email1']);
$u_pass = mysql_real_escape_string($_SESSION['pass1']);
And here is the full code for new_topic.php:
<?php
error_reporting(E_ALL); ini_set('display_errors', '1');
session_start();
include_once "../ads/connect_to_mysql.php"; // Connect to the database
// Assume they are a member because they have a password session variable set
// Check the database to be sure that their ID, password, and email session variables all match in the database
$u_id = mysql_real_escape_string($_SESSION['id']);
$u_name = mysql_real_escape_string($_SESSION['username']);
$u_email = mysql_real_escape_string($_SESSION['email1']);
$u_pass = mysql_real_escape_string($_SESSION['pass1']);
$sql = mysql_query("SELECT * FROM members1 WHERE id='$u_id' AND username='$u_name' AND email1='$u_email' AND pass1='$u_pass'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
echo "ERROR: You do not exist in the system.";
exit();
}
// Check to make sure the URL variables of "sid" and "title" are set
if (!isset($_POST['ad_id']) || $_POST['ad_id'] == "" || !isset($_POST['ad_title']) || $_POST['ad_title'] == "") {
echo "Important variables are missing";
exit();
} else {
// Acquire the variables and proceed to show them a form for creating a new topic
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['ad_id']);
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['ad_title']);
}
$sql = mysql_query("SELECT * FROM ad_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
echo "ERROR: That section does not exist.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style/style.css" rel="stylesheet" type="text/css" />
<title>Create New Topic</title>
<script type="text/javascript" language="javascript">
<!--
function validateMyForm ( ) {
var isValid = true;
if ( document.form1.post_title.value == "" ) {
alert ( "Please type in a title for this classified" );
isValid = false;
} else if ( document.form1.post_title.value.length < 10 ) {
alert ( "Your title must be at least 10 characters long" );
isValid = false;
} else if ( document.form1.post_body.value == "" ) {
alert ( "Please type in your classified body." );
isValid = false;
}
return isValid;
}
//-->
</script>
</head>
<body>
<table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0">
<tr>
<td width="731" valign="top">
<div id="breadcrumbs">Locally Sold Home ← Section Home ← <?php echo $forum_section_title; ?></div>
<h2>Creating New Classified In the <em><?php echo $forum_section_title; ?></em> Forum</h2>
<form action="parse_post.php" method="post" name="form1">
<input name="post_type" type="hidden" value="a" />
Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" />
<br /><br />
Please type in a title for your classified here:<br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br />
Please type in your classified body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea>
<br /><br /><input name="" type="submit" value="Create my classified now!" onclick="javascript:return validateMyForm();"/><input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" />
<input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" />
<input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
<input name="upass" type="hidden" value="<?php echo $_SESSION['pass1']; ?>" />
</form>
</td>
<td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br/>
<br/>
<br />
<h3>Ad Space or Whatever</h3>
</div></td>
</tr>
</table>
</body>
</html>
Here is where the session variables are set on login.php:
<?php
// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Initialize some vars
$errorMsg = '';
$email = '';
$pass = '';
$remember = '';
if (isset($_POST['email1'])) {
$email = $_POST['email1'];
$pass = $_POST['pass1'];
if (isset($_POST['remember'])) {
$remember = $_POST['remember'];
}
$email = stripslashes($email);
$pass = stripslashes($pass);
$email = strip_tags($email);
$pass = strip_tags($pass);
// error handling conditional checks go here
if ((!$email) || (!$pass)) {
$errorMsg = 'Please fill in both fields';
} else { // Error handling is complete so process the info if no errors
include 'connect_to_mysql.php'; // Connect to the database
$email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query
//$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query
$pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
// Make the SQL query
$sql = mysql_query("SELECT * FROM members1 WHERE email1='$email' AND pass1='$pass' AND email_activated='1'");
$login_check = mysql_num_rows($sql);
// If login check number is greater than 0 (meaning they do exist and are activated)
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
// Please note: Adam removed all of the session_register() functions cuz they were deprecated and
// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0 thru 5.3+)
// Create session var for their raw id
$id = $row["id"];
$_SESSION['id'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
// Create session var for their username
$username = $row["username"];
$_SESSION['username'] = $username;
// Create session var for their email
$useremail = $row["email1"];
$_SESSION['useremail'] = $useremail;
// Create session var for their password
$userpass = $row["pass1"];
$_SESSION['userpass'] = $userpass;
mysql_query("UPDATE members1 SET last_log_date=now() WHERE id='$id' LIMIT 1");
} // close while
// Remember Me Section
if($remember == "yes"){
$encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in 100 days (60*60*24*100 seconds)
setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in 100 days (60*60*24*100 seconds)
}
// All good they are logged in, send them to homepage then exit script
header("location: index.php?test=$id");
exit();
} else { // Run this code if login_check is equal to 0 meaning they do not exist
$errorMsg = "Incorrect login data, please try again";
}
} // Close else after error checks
} //Close if (isset ($_POST['uname'])){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="/jquery-1.9.0.js" type="text/javascript"></script>
<title>Log In</title>
<style type="text/css">
<!--
body {
margin-top: 0px;
}
-->
</style></head>
<body>
<div align="center"><img src="images/logo1.png" alt="Locally Sold Home Page" width="197" height="104" border="0" /></div>
<table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;">
<form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform">
<tr>
<td width="23%"><font size="+2">Log In</font></td>
<td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
</tr>
<tr>
<td><strong>Email:</strong></td>
<td><input name="email1" type="text" id="email1" style="width:60%;" /></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input name="pass1" type="password" id="pass1" maxlength="24" style="width:60%;"/></td>
</tr>
<tr>
<td align="right"> </td>
<td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" />
Remember Me</td>
</tr>
<tr>
<td> </td>
<td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan="2">Forgot your password? Click Here
<br /></td>
</tr>
<tr>
<td colspan="2">Need an Account? Click Here<br /> <br /></td>
</tr>
</form>
</table>
<br />
<br />
<br />
</body>
</html>

You're not setting the session variables anywhere.
To set session values, you do the following:
if ( /* username and password are correct */ ) {
$_SESSION['id'] = $row['id']; //taken from db
$_SESSION['username'] = $row['username'];
// etc
}

Use session_start on all pages where you want to use session functions.
After that, set your session like this...
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
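
The two scripts in the question disagree on key names: login.php stores `useremail` and `userpass`, while new_topic.php reads `email1` and `pass1`, which is what the two notices report. The sketch below is an added example, not code from the question or the answers; the constant and function names are hypothetical, and it keeps the session key names in one place and leaves the password hash out of the session entirely.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The constant and function names
// below are hypothetical; only the session key strings come from the question.

// One definition of the key names, shared by the page that writes the session
// and every page that reads it.
const SESSION_USER_ID  = 'id';
const SESSION_USERNAME = 'username';

/** Called once by the login page, after the credentials have been verified. */
function establish_login(array &$session, array $memberRow): void
{
    // Store an identifier and a display name only. The password hash stays in
    // the database and is never copied into the session or a hidden form field.
    $session[SESSION_USER_ID]  = (int) $memberRow['id'];
    $session[SESSION_USERNAME] = (string) $memberRow['username'];
}

/** Called by every protected page; returns the logged-in user or null. */
function current_user(array $session): ?array
{
    if (!isset($session[SESSION_USER_ID], $session[SESSION_USERNAME])) {
        return null; // not logged in: no "Undefined index" notice is raised
    }
    return [
        'id'       => (int) $session[SESSION_USER_ID],
        'username' => (string) $session[SESSION_USERNAME],
    ];
}

/** Lists the keys a page expects that the session does not contain. */
function missing_session_keys(array $session, array $expected): array
{
    return array_values(array_diff($expected, array_keys($session)));
}

// Constructed session contents, using the keys login.php in the question writes.
$writtenByLogin = [
    'id' => 7, 'idx' => 'constructed', 'username' => 'alice',
    'useremail' => 'alice@example.test', 'userpass' => 'constructed-hash',
];
// Keys new_topic.php in the question reads.
$readByNewTopic = ['id', 'username', 'email1', 'pass1'];
echo 'missing: ', implode(', ', missing_session_keys($writtenByLogin, $readByNewTopic)), PHP_EOL;

// The same flow with shared key names (constructed database row).
$session = [];   // stands in for $_SESSION after session_start()
establish_login($session, ['id' => '7', 'username' => 'alice', 'pass1' => 'constructed-hash']);
$user = current_user($session);
echo $user === null ? 'not logged in' : "logged in as {$user['username']}", PHP_EOL;
```

On a real page the array is `$_SESSION`: call `session_start()` and `session_regenerate_id(true)` before `establish_login($_SESSION, $row)`, and have protected pages redirect to the login form when `current_user($_SESSION)` returns null.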

Related

PHP Registration Username/Password Incorrect

I am not sure what the problem is here. The user data is in my MySQL database, and correct. However when I try to login I get an error saying user/password is incorrect. I am trying to login using the users email address. In addition I want to add the first name, and user id to the session.
<?php
session_start();
include_once 'dbconnect_new.php';
if(isset($_SESSION['user'])!="")
{
header("Location: ../index.php");
}
if(isset($_POST['btn-login']))
{
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = trim($s_password);
$res=mysql_query("SELECT student_id, student_password, student_firstname FROM studentdata WHERE student_email='$s_email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if($count == 1 && $row['student_password']==md5($s_password))
{
$_SESSION['user'] = $row['student_id'];
header("Location: ../index.php");
}
else
{
?>
<script>
alert('Username / Password Seems Wrong !');
</script>
<?php
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>New Reg Page</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td>
<input type="text" name="email" placeholder="Your Email" required />
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Your Password" required />
</td>
</tr>
<tr>
<td>
<button type="submit" name="btn-login">Sign In</button>
</td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
Try this code:-
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = md5(trim($s_password));
$res=mysql_query("SELECT student_id, student_firstname FROM studentdata WHERE student_email='$s_email' AND student_password = '$s_password'");
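// mysql_query() returns false only when the query itself fails,
// so also require that exactly one row matched the email and password hash
if (!$res || mysql_num_rows($res) != 1) {
// Debug query result by below code
//echo 'Could not run query: ' . mysql_error();
//exit;
echo '<script language="javascript">';
echo 'alert("Username / Password Seems Wrong !")';
echo '</script>';
}else{
$row = mysql_fetch_row($res); // fetch from $res, the result variable assigned above
$stu_id = $row[0];
$stu_fname = $row[1];
$_SESSION['user'] = $stu_id;
header("Location: ../index.php");
exit; // stop the script once the redirect header is sent
}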
Hope this will help you :)

How to display a user profile pics while the user is logged in php?

I have successfully created a form that submits data and a picture of a user into my online folder and the path directory stored in the database.
My question is this: how do I get users to see their picture once they are logged in?
Well guys, thanks for everything, but I am still not getting it right. Here is all my code:
Sign Up
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:328px;
height:216px;
z-index:1;
left: 347px;
top: 111px;
}
-->
</style>
</head>
<body>
<div id="apDiv1">
<form method="post" action="logon.php" enctype="multipart/form-data">
<table width="332" height="210" border="0">
<tr>
<td width="155">Email</td>
<td width="167"><input type="text" name="email" /></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="password" /></td>
</tr>
<tr>
<td>Upload Passport</td>
<td><label>
<input type="file" name="photo" />
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="submit" value="Sign Up" />
</label></td>
</tr>
</table>
</form>
</div>
</body>
</html>
Logon.php
<?php
include('connection.php');
if (!isset($_FILES['photo']['tmp_name'])) {
echo "";
}else{
$file=$_FILES['photo']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['photo']['tmp_name']));
$image_name= addslashes($_FILES['photo']['name']);
move_uploaded_file($_FILES["photo"]["tmp_name"],"photos/" . $_FILES["photo"]["name"]);
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$photo="photos/" . $_FILES["photo"]["name"];
$save=mysql_query("INSERT INTO info (id, email, user_name, password, photo) VALUES ('','$email','$username','$password','$photo')");
/* Redirect visitor to the thank you page */
echo '<script language="javascript">alert("Registration Succesful....")</script>';
echo '<script language="javascript">window.location = "index.php"</script>';
exit();
}
?>
Index.php
<?php
include('login.php'); // Includes Login Script
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:391px;
height:178px;
z-index:1;
left: 334px;
top: 166px;
}
#apDiv2 {
position:absolute;
width:259px;
height:115px;
z-index:1;
left: 380px;
top: 137px;
}
-->
</style>
</head>
<body>
<div id="apDiv2">
<form method="POST" action="">
<table width="260" height="88" border="0">
<tr>
<td width="131">Username</td>
<td width="119"><label>
<input type="text" name="username" />
</label></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="submit" value="Submit" />
</label></td>
</tr>
</table>
<table width="259" border="0">
<tr>
<td align="center">Sign Up</td>
</tr>
</table>
</form>
<p> </p>
</div>
</body>
</html>
login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "User ID or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = @mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("lesson", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from info where password='$password' AND user_name='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: customer_login.php"); // Redirecting To Other Page
} else {
$error = "User ID or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
customer_login.php
<?php
include('session_connect.php');
?>
<html>
<body>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:259px;
height:173px;
z-index:1;
left: 25px;
top: 92px;
}
-->
</style>
<div id="apDiv1">
<p>Email: <?php echo $email; ?> </p>
<p>Username: <?php echo $username; ?> </p>
<p>Password: <?php echo $password; ?> </p>
<p>Passport: <?php echo $photo; ?> </p>
</div>
</body>
</html>
session_connect.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = @mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("lesson", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select * from info where user_name='$user_check'", $connection);
$row=mysql_fetch_array($ses_sql);
$login_session =$row['user_name'];
$email = $row['email'];//." ".$row['vLastName'];
$username = $row['user_name'];
$password = $row['password'];
$photo = $row['photo'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
Instead, the above code shows me the pathway in the database; I want the actual image to show... thank you
When you store the Image path in the database, there must be a reference (Foreign key or similar) to the corresponding user.
Now, when the user logs in, you check the table where your image paths are declared for the specific user:
SELECT imgpath FROM imgpathstable WHERE userid = $loggedInUser["id"]
and then you can display an img tag with:
<?php
echo "<img src='$imgPath' ...
<?php
if(isset($_SESSION['Anyone']))
{
?>
<img src="<?php echo image path ?>"/>
<?php
}
?>

PHP Login script not working and showing error

Currently I am working on a script that allows you to sign up and log in. Signup is working perfectly, but my login is showing me an error (i.e. "Error - Invalid login. No such user exists", the last line of the PHP script, even though the user exists). My MySQL table is users1. My code for both the login form and its processing is as follows:
<?php
include 'dbc.php';
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}
if ($_POST['doLogin']=='Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}
$email = $data['email'];
$pass = $data['password'];
if (strpos($email,'@') === false) {
$user_cond = "username='$email'";
} else {
$user_cond = "email='$email'";
}
$result = mysql_query("SELECT `id`,`password`,`full_name`,`approved` FROM users1 WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$password,$full_name,$approved) = mysql_fetch_row($result);
if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";
//header("Location: login.php?msg=$msg");
//exit();
}
//check against salt
if ($password === password($pass,substr($password,0,9))) {
if(empty($err)){
// this sets session and logs user in
session_start();
session_regenerate_id (true); //prevent against session fixation attacks.
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['username'] = $full_name;
$_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users1 set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
//set a cookie
if(isset($_POST['remember'])){
setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("username",$_SESSION['username'], time()+60*60*24*COOKIE_TIME_OUT, "/");
}
header("Location: myaccount.php");
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
$err[] = "Invalid Login. Please try again with correct user email and password.";
//header("Location: login.php?msg=$msg");
}
} else {
$err[] = "Error - Invalid login. No such user exists";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Members' Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#logForm").validate();
});
</script>
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td width="160" valign="top"><p> </p>
<p> </p>
<p> </p></td>
<td width="732" valign="top"><p> </p>
<h3 class="titlehdr"><b>Login</b>
</h3>
<p>
<?php
if(!empty($err)) {
echo "<div class=\"msg\">";
foreach ($err as $e) {
echo "$e <br>";
}
echo "</div>";
}
?></p>
<form action="login.php" method="post" name="logForm" id="logForm" >
<table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td width="38%">Username / Email</td>
<td width="62%"><input name="usr_email" type="text" class="required" id="txtbox" size="25"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" class="required password" id="txtbox" size="25"></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="remember" type="checkbox" id="remember" value="1">
Remember me</div></td>
</tr>
<tr>
<td colspan="2"> <div align="center">
<p>
<input name="doLogin" type="submit" id="doLogin3" value="Login">
</p>
<p>Register Free<font color="#FF6600">
|</font> Forgot Password <font color="#FF6600">
</font></p>
</div></td>
</tr>
</table>
<div align="center"></div>
<p align="center"> </p>
</form>
<p> </p>
</td>
<td width="196" valign="top"> </td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
</table>
</body>
</html>
If you need more details about problem ask me
Instead of the if(strpos($email,'@')), try this; it will make your search dynamic as you want. You will need to pass two parameters, $username and $email, like so:
SELECT `id`,`password`,`full_name`,`approved` FROM users1
WHERE 1 = 1
AND ($email IS NULL OR email = $email)
AND ($username IS NULL OR username = $username)
AND `banned` = '0'
Note that you have to use PDO or prepared statements instead of the way you use to connect to mysql databases.
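
The query shape from this answer, written with PDO prepared statements and `password_verify()`, as an added example that is not code from the thread. It assumes the `users1` columns named in the question, uses an in-memory SQLite database with one constructed row so it runs offline, and the function names are hypothetical. It also handles the case the `IS NULL` pattern leaves open: with both filters NULL the WHERE clause matches every non-banned row.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names are hypothetical;
// table and column names follow the question (users1).

function find_user(PDO $db, ?string $username, ?string $email): ?array
{
    $username = ($username === '') ? null : $username;
    $email    = ($email === '') ? null : $email;
    // With both filters NULL the WHERE clause below would match every
    // non-banned row, so refuse that case before touching the database.
    if ($username === null && $email === null) {
        return null;
    }
    // Each value gets its own placeholder: native prepared statements on some
    // drivers do not allow the same named placeholder to appear twice.
    $stmt = $db->prepare(
        'SELECT id, password, full_name, approved FROM users1
          WHERE (:email_a IS NULL OR email = :email_b)
            AND (:user_a IS NULL OR username = :user_b)
            AND banned = 0
          LIMIT 2'
    );
    $stmt->execute([
        ':email_a' => $email,    ':email_b' => $email,
        ':user_a'  => $username, ':user_b'  => $username,
    ]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Anything other than exactly one match is treated as "no such user".
    return count($rows) === 1 ? $rows[0] : null;
}

function authenticate(PDO $db, string $login, string $password): ?array
{
    // Same decision as the question's strpos() test, but the value is only
    // ever bound as a parameter, never concatenated into the SQL text.
    $isEmail = strpos($login, '@') !== false;
    $row = find_user($db, $isEmail ? null : $login, $isEmail ? $login : null);

    // Verify against a throwaway hash when no user was found, so both paths
    // do a comparable amount of work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('constructed-placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row['password'] ?? $dummyHash);

    if ($row === null || !$ok || (int) $row['approved'] !== 1) {
        return null;
    }
    return ['id' => (int) $row['id'], 'full_name' => (string) $row['full_name']];
}

// Constructed test data: one approved, non-banned user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users1 (id INTEGER PRIMARY KEY, username TEXT, email TEXT,
           password TEXT, full_name TEXT, approved INTEGER, banned INTEGER)');
$insert = $db->prepare('INSERT INTO users1 (username, email, password, full_name, approved, banned)
                        VALUES (?, ?, ?, ?, 1, 0)');
$insert->execute(['alice', 'alice@example.test',
                  password_hash('constructed password', PASSWORD_DEFAULT), 'Alice Example']);

// Constructed login attempts: by username, by email, wrong password,
// a value containing a quote character, and an empty login.
$attempts = [
    ['alice', 'constructed password'],
    ['alice@example.test', 'constructed password'],
    ['alice', 'wrong password'],
    ["alice'x", 'constructed password'],
    ['', 'constructed password'],
];
foreach ($attempts as [$login, $password]) {
    $user = authenticate($db, $login, $password);
    echo str_pad(var_export($login, true), 24), ' => ',
         $user === null ? 'rejected' : "accepted (id {$user['id']})", PHP_EOL;
}
```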

blank screen when login

I need some help with my code. It works on XAMPP on my computer, but when it's live on my server it won't work; all I get is a blank screen. You can have a look at what happens at http://www.redhotessentials.com/prototype/pages/login.php: put username allanallan, password allanallan, and you can see what happens. Thanks.
<?php
if (isset($_POST['email'])) {
//Connect to the database through our include
require("db.php");
$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all database data that -
// cannot be changed by member into SESSION variables.
// Data that you want member to be able to change -
// should never be set into a SESSION variable.
$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password' AND emailactivated='1'");
$login_check = mysql_num_rows($sql);
if($login_check>0){
while($row = mysql_fetch_array($sql)){
// Get member ID into a session variable
$id = $row['id'];
session_register('id');
$_SESSION['id'] = $id;
// Get member username into a session variable
$username = $row['username'];
session_register('username');
$_SESSION['username'] = $username;
// Update last_log_date field for this member now
mysql_query("UPDATE members SET lastlogin=now() WHERE id='$id'");
// Print success message here if all went well then exit the script
header("location: endlessnails_blog.php");
exit();
} // close while
} else {
// Print login failure message to the user and link them back to your login page
print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br />
<br />Click here to go back to the login page.';
exit();
}
}// close if post
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login to your profile</title>
<link rel="stylesheet" type="text/css" href="../../css/main4.css" />
<script type="text/javascript">
<!-- Form Validation -->
function validate_form ( ) {
valid = true;
if ( document.logform.email.value == "" ) {
alert ( "Please enter your User Name" );
valid = false;
}
if ( document.logform.pass.value == "" ) {
alert ( "Please enter your password" );
valid = false;
}
return valid;
}
<!-- Form Validation -->
</script>
</head>
<?php include("header.php"); ?>
<?php include("nav.php"); ?>
<body>
<div id="container">
<div id="box3">
<div align="center">
<h3 id="login2"><br />
<br />
Log into Endless Nails Blog<br />
<br />
</h3>
</div>
<div id="loginformmove">
<table class="style7" align="center" cellpadding="5">
<form action="index.php" method="post" enctype="multipart/form-data" name="logform"
id="logform" onsubmit="return validate_form ( );">
<tr>
<td class="style7"><div align="right">Email Address:</div></td>
<td class="style7"><input name="email" type="text" id="email" size="30" maxlength="64" /></td>
</tr>
<tr>
<td class="style7"><div align="right">Password:</div></td>
<td class="style7"><input name="password" type="password" id="password" size="30" maxlength="24" /></td>
</tr>
<tr>
<td class="style7"> </td>
<td id="login3"><input name="Submit" type="submit" value="Login" class="login_pad" /></td>
</tr>
</form>
</table>
</div>
</div>
</div>
</div>
</body>
</html>
Remove the enctype from your FORM attributes, since you are not Uploading files, just use the method="POST"

How can Update account which corresponds with the Pin inputted?

I have this Alumni Directory System where, when a user wants to join the site, he/she will input the correct pin for his/her account. If the pin is correct, he will be directed to the account creation page, which includes: username, password and email.
These inputs will be updated to his existing record in the database. Here are the scripts that I've been using; I have a problem with how to update the inputs of the user to the database.
verify.php
<?php
// Start Session to enable creating the session variables below when they log in session_start();
include 'scripts/connect_to_mysql.php';
// Connect to the database
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1'); ?> <?php //
//Initialize some vars
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link href="stylesheets/style.css" rel="stylesheet" type="text/css"/>
<title>Enter Your Pin</title>
<body>
<div id="main_content">
<form id="form1" name="form1" method="post" action="createaccount.php" style="height: 96px;">
<label>Confirmation Number:
<input type="text" name="confirm" id="ed"/> </label>
<p>
<input name="" type="submit" value="Log-in" id="button1"/>
</p>
</form>
createaccount.php
<?php
include_once "scripts/connect_to_mysql.php";
$confirm = $_POST['confirm'];
$result = mysql_query("SELECT * FROM myMembers where confirmation='$confirm'");
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
$username = $row['username'];
$password = $row['password'];
$email = $row['email'];
}
?>
<?php
if (isset ($_POST['username'])){
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
$email = $_POST['email'];
$password = $_POST['password'];
$email = stripslashes($email);
$password= stripslashes($password);
$email = strip_tags($email);
$password= strip_tags($password);
// Connect to database
include_once "scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email);
$emailCHecker = str_replace("`", "", $emailCHecker);
// Database duplicate username check setup for use below in the error handling if else conditionals
$sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$username) || (!$email) || (!$password)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
}
if(!$username){
$errorMsg .= ' * User Name<br />';
}
if(!$email){
$errorMsg .= ' * Email Address<br />';
}
if(!$password){
$errorMsg .= ' * Password<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
}
$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
// Add MD5 Hash to the password variable
$db_password = md5($password);
// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');
// Add user info into the database table for the main site table
$sql = mysql_query("UPDATE myMembers SET username='$username', email='$email', password='$db_password', ipaddress='ipaddress', sign_up_date WHERE confirmation='$confirm'");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Create Account | <?php echo $MySocialSitename; ?></title>
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="js/jquery-1.4.2.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript">
$(document).ready(function() {
$("#username").blur(function() {
$("#nameresponse").removeClass().text('Checking Username...').fadeIn(1000);
$.post("scripts/check_signup_name.php",{ username:$(this).val() } ,function(data) {
$("#nameresponse").fadeTo(200,0.1,function() {
$(this).html(data).fadeTo(900,1);
});
});
});
});
function toggleSlideBox(x) {
if ($('#'+x).is(":hidden")) {
$('#'+x).slideDown(300);
} else {
$('#'+x).slideUp(300);
}
}
</script>
</head>
<body>
<br /><br />
<table class="mainBodyTable" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="738" valign="top">
<h2 style="margin-left:80px;">Create Your Account </h2>
<table width="600" align="center" cellpadding="8" cellspacing="0" style="border:#999 1px solid; background-color:#FBFBFB;">
<form action="createaccount.php" method="post" style="margin-top: -31px;" name="personal">
<tr>
<td colspan="2"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
</tr>
<tr>
<tr>
<td width="114" bgcolor="#FFFFFF">User Name:<span class="brightRed"> *</span></td>
<td width="452" bgcolor="#FFFFFF"><input name="username" type="text" class="formFields" id="username" value="<?php echo $username;?>" size="32" maxlength="20" /><br />
<span id="nameresponse"><span class="textSize_9px"><span class="greyColor">Alphanumeric Characters Only</span></span></span></td>
</tr>
<tr>
<td><div align="right" class="style1">Password:</div></td>
<td><input name="password" type="password" class="ed" id="last" size="40" value="" /></td>
<td> </td>
</tr>
<tr>
<td><div align="right" class="style1">Email Address:</div></td>
<td><input name="email" type="text" class="ed" id="address" size="40" value="" /></td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td colspan="2"><label>
<input type="checkbox" name="condition" value="checkbox" />
<span class="style1"><small>i agree the <a rel="facebox" href="terms_condition.php">terms and condition</a> of this alumni</small></span></label></td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input name="but" type="submit" value="Confirm" /></td>
<td> </td>
</tr>
</table>
</form>
</table>
</body>
</html>
After the update was finished it will direct the user to the login page.
You should post your verify.php file code, as you say the error is in that page.
Assuming entries for each person will have only their passcode and all other fields are empty before they create their account:
// in verify.php page
if(isset($_POST['passcode']))
{
$enteredCode=$_POST['passcode'];
$records=mysql_query("select passcode from table where user_id =X");
if( mysql_num_rows($records) == 1 )
{
while($row=mysql_fetch_array($records))
{
$passcode=$row['passcode']; // keep the stored passcode for the comparison below
}
if($enteredCode == $passcode)
{
header("location:createAccount.php");
exit(); // stop the script once the redirect header is sent
}
else
{
// do not redirect, print error msg
}
}
}
