A php die function question.
when I use die(), it clean all page elements.
Is any way to echo error message and not clean all page, It looks like jump to another page when I use die() to stop code and call out the message.
Here are my code
<?PHP
$message="";
if(isset($_POST['submit'])){
$name=$_POST['name'];
$password=$_POST['password'];
//Field check
if($name && $password){$message=$name . $password;}
else{die($message="please enter name and password");}
//Check name
if($name=="alex" && $password==123){$message="Welcome ". $name;}
else{$message="wrong user or password";}
}
?>
<html>
<p>SIGN UP</p>
<form action="testing.php" method="POST">
<input type="text" name="name" placeholder="Enter Name" />
<input type="password" name="password" placeholder="Enter Password"/>
<input type="submit" name="submit" value="Sign up"/>
</form>
<div><?PHP echo $message?></div>
</html>
You should read your script for top to bottom, including anything outside of <?php ?>. When using die() your script stops then and there.
<?php $a = "something"; ?>
<html>
<p><?php echo $a?></p>
<?php die(); ?>
<p>Never here</p>
</html>
Would output
<html>
<p>something</p>
In your case do
<?php
if(isset($_POST['submit'])){
$name=$_POST['name'];
$password=$_POST['password'];
//Field check
if(!$name || !$password) {
$message="please enter name and password");
//Check name and password
} elseif ($name=="alex" && $password=="alex1") {
$message="Welcome ". $name;
} else {
$message="Username or password incorrect"
}
?>
<html>
<p>SIGN UP</p>
<form action="testing.php" method="POST">
<input type="text" name="name" placeholder="Enter Name" />
<input type="password" name="password" placeholder="Enter Password"/>
<input type="submit" name="submit" value="Sign up"/>
</form>
<div><?php echo $message?></div>
</html>
Also note that I'm using '==' to compare, not '='.
Related
I am working on a web project where I want to move from one PHP page to another Php page if condition true...
In below login PHP page, I am getting username and password using $_POST[]. if both username and password got matched in (if statement) of current PHP login page then, I want to jump to another PHP page(choice.php) specified in header function below after if.
<html>
<body>
<head>
</head>
<form method="post" action="login.php">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value=""
placeholder="username" />
<label >Password</label><input type="text" name="password" value=""
placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
if($username=='root' && $password=='tiger'){
header( "Location:http://localhost/bizdiary/choice.php" ); die;
}
}
?>
This code should work:
The HTML in top of the file.
Remove the action in your form.
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
$host = $_SERVER['HTTP_HOST'];
// Put in here the conditional that the request need to accomplish to redirect.
if($username=='root' && $password=='tiger'){
header("Location: http://{$host}/choice.php");
}
}
?>
<html>
<body>
<head>
</head>
<body>
<form method="post">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value="" placeholder="username" />
<label >Password</label>
<input type="text" name="password" value="" placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
</body>
</html>
You should mysql control. Example
if ($_POST){
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
if (empty($username) or empty($password)){
echo 'Don't leave blank.';
}else {
$user = mysql_query('SELECT * FROM user WHERE username = "'.$username.'" AND password = "'.$password.'"');
if (mysql_num_rows($user)){
header('Location: asd.php');
}else {
echo 'Didn't find user.';
}
}
}
I have these two forms that submits to different blocks of the same script. i am unable to access variable of one block in other, though both variables are in same script.
html form :(1.php)
<html>
<form method="POST" action="2.php" enctype="multipart/form-data">
</br>
Choose a user name:</font>
<input type="text" name="username">
<input type="submit" name="submit" value="Save and Proceed">
</form>
</html>
2.php:
<?php
$name=$_POST['username'];
if ((isset($_POST['username'])) && ($_POST['submit'] == 'Save and Proceed'))
{
$name=$_POST['username'];
echo $name;
if($name=='azra')
{
?>
<html>
<form method="POST" action="2.php" enctype="multipart/form-data"></br>
enter age:</font>
<input type="text" name="age">
<input type="submit" name="submit" value="done">
</form>
</html>
<?php
}
}
if((isset($_POST['age'])) && ($_POST['submit'] == 'done'))
{
$age=$_POST['age'];
echo $age;
if($age==25)
{
echo "hi" .$name;
echo "your age is ". $age;
echo"you are eligible";
}
}
?>
How do I access $_POST['username'] in the code following the html form in the same script? Thank you in advance.
On the second form you can use a hidden input, i.e.:
<input type="hidden" name="username" value="$name">
Example:
<?php
$name=$_POST['username'];
if (!empty($_POST['username']) && $_POST['submit'] == 'Save and Proceed'))
{
$name=$_POST['username'];
echo $name;
if($name=='azra')
{
echo <<< LOL
<html>
<form method="POST" action="2.php" enctype="multipart/form-data"></br>
enter age:</font> <input type="text" name="age">
<input type="hidden" name="username" value="$name">
<input type="submit" name="submit" value="done">
</form>
</html>
LOL;
}
}
if((isset($_POST['age'])) && ($_POST['submit'] == 'done'))
{
$age=$_POST['age'];
echo $age;
if($age==25)
{
echo "hi" .$name;
echo "your age is ". $age;
echo"you are eligible";
}
}
?>
If I understand well you want to pass username twice.
Than you can use hidden input, which is not visible (only transports data):
<input type="hidden" name="username" value="<?php echo $_POST['username']; ?>" />
The following code does not work as intended, when the submit button of the form is clicked it with no data entered it goes to blog.php instead of showing the error above the form?
<?php
session_start();
include_once('connection.php');
if (isset($_SESSION['logged_in'])){
//display index
} else {
if (isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) or empty($password)) {
$error = 'All fields are required!';
}
}
}
?>
linked with the following html form
<?php if (isset($error)) { ?>
<small style="color:#aa0000;"><?php echo $error; ?> </small>
<?php } ?>
<form action="blog.php" method="post">
<input type="text" name="username" placeholder="username" />
<input type="password" name="password" placeholder="password" />
<input type="submit" value="login" />
</form>
If the actual validation is being done in admin.php, shouldn't the action be pointing to admin.php?
<?php if (isset($error)) { ?>
<small style="color:#aa0000;"><?php echo $error; ?> </small>
<?php } ?>
<form action="admin.php" method="post">
<input type="text" name="username" placeholder="username" />
<input type="password" name="password" placeholder="password" />
<input type="submit" value="login" />
</form>
My code is below. It's working fine, but i want it not to display form again after the errors were found. How can it be done?
This is a single page, username validation program i just want to know why form is displayed again after, and how will i solve it.
<?php require'function.php'; ?>
<?php
$errors = array();
$username = "";
$password = "";
$msg = "Please Log in.";
?>
<?php if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
if($username != "rish" && $password != "password"){
$msg = "Try again.";
$errors['cred'] = "Wrong Credentials.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Single Page Form</title>
</head>
<body>
<?php
echo display_error($errors);
?>
<?php echo $msg ?>
<form action="singleform.php" method="post">
Username: <input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>"><br>
Password: <input type="password" name="password" value="<?php echo "" ?>"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
You can do verifying if the $_POST data is empty. If was not empty, the users just load the page.
Can be do like code below:
<?php if(empty($_POST)):?>
<form action="singleform.php" method="post">
Username: <input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>"><br>
Password: <input type="password" name="password" value="<?php echo "" ?>"><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php endif;?>
user isset ,, if the error initializes then it won't be displayed
<? if (!isset($errors['cred'])) { ?>
<form action="singleform.php" method="post">
Username: <input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>"> <br>
Password: <input type="password" name="password" value="<?php echo "" ?>"><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php } ?>
Ok I am trying to create a simple login here but my login code as well as the intropage wont work properly. Tried to tweak the code for SESSION but find no luck.
Here's the code for my login.php:
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
Then for here's the code for my intropage.php where in I redirect the page.
<?php
session_start();
if(!isset($_SESSION["session_username"])){
header("location:login.php");
} else {
?>
<?php include("includes/header.php"); ?>
<h2>Welcome, <?php echo $_SESSION['session_username'];?>! </h2>
<p>Logout Here!</p>
<?php
}
?>
Any help please? Just wanna make this work or if anything you can tweak so that I can find where I made a mistake. A big thanks!
You need to check if the session name is set inside all pages using if(isset($_SESSION["session_username"]))
login.php
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
session_start();
?>
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_SESSION["session_username"])){
// echo "Session is set"; // for testing purposes
header("Location: intropage.php");
}
else{
echo "You are not logged in.";
}
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query =mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
// old placement
// session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
// $message = "Invalid username or password!";
echo "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
Footnotes:
Your present code is open to SQL injection. Use prepared statements, or PDO.
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Passwords
I noticed that you may be storing passwords in plain text. This is not recommended.
Use one of the following:
CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
PBKDF2 For PHP
<?php
session_start();
require_once("includes/connection.php");
include("includes/header.php");
$message = '';
if(isset($_REQUEST["login"])) {
if((isset($_POST['username']) && strlen(trim($_POST['username'])) > 0) && (isset($_POST['password']) && strlen(trim($_POST['password'])) > 0)) {
$username = filter_var($_POST['username'],FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'],FILTER_SANITIZE_STRING);
$query = mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."' LIMIT 1");
if(mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query));
$_SESSION['session_username'] = $row['username'];
/* Redirect browser */
header("Location: intropage.php");
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" />
</label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" />
</label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php
include("includes/footer.php");
if (!empty($message)) {
echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";
}
?>
That won't do it, session_start needs to be at the top of the file to work properly. So either include it at the beginning of the file "includes/header.php" (which you are including in your login page) or in some other include file which you will be using in all of your pages.
Put your session_start() into your top of the page.
i have just commented your code. and its worked for me. Just copy and run this code directly.
<?php session_start();
//require_once("includes/connection.php"); ?>
<?php //include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
/* $query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{*/
$_SESSION['session_username']=$username;
print_r($_SESSION);
/* Redirect browser */
/* header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
*/
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
You are unnecessarily checking session username in intropage.php
you should remove the code
if(!isset($_SESSION["session_username"])){
header("location:login.php");
From intro file and start session only once and it should be in header file's first line.