<?php
session_start();
$root = 'root';
mysql_connect('localhost',$root,'') or die(mysql_error());
mysql_select_db("test_create_database") or die(mysql_error());
$result = mysql_query("SELECT * FROM members");
$row = mysql_fetch_assoc($result);
$username="";
$password="";
$id="";
if(isset($_POST["submit"]))
{
if(isset($_POST["submit"]) && !empty($_POST["username"]) && !empty($_POST["password"]) && !empty($_POST["id"]))
{
if(isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["id"]))
{ $username = $row["username"];
$password = $row["password"];
$id = $row["id"];
if($username == "John" && $password =="1234" && $id =="1")
{
echo "you're in";
}
else
{
echo "you're out!";
}
}
}
elseif (isset($_POST["submit"]) && (empty($_POST["username"]) || empty($_POST["password"]) || empty($_POST["id"])))
{
echo "enter all fields please!!!!";
}
}
session_destroy();
?>
if at first all the fields are filled in correctly and the submit button is pressed, the text "you're in" is printed onto the webpage and the text in the fields disappears. but if I refresh the page again, the printed text "you're in" still remains even though I have invoked the session_destroy() function. I don't understand why the session has not been destroyed. Any help would be appreciated.
The bits about session_start() and session_destroy() do not influence the POST-variables. As BugFinder pointed out, refreshing the page often re-submits whatever data you've just submitted. That's why the 'you're in'-message is presented again.
A way of preventing this behaviour is by redirecting after the submitted data has been processed. You could then set a session variable to keep track of the message you still need to display (or, if the user is logged in or not).
Your code would look something like this:
<?php
session_start();
$root = 'root';
mysql_connect('localhost',$root,'') or die(mysql_error());
mysql_select_db("test_create_database") or die(mysql_error());
$result = mysql_query("SELECT * FROM members");
$row = mysql_fetch_assoc($result);
$username="";
$password="";
$id="";
if(isset($_POST["submit"]))
{
if(isset($_POST["submit"]) && !empty($_POST["username"]) && !empty($_POST["password"]) && !empty($_POST["id"]))
{
if(isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["id"]))
{ $username = $row["username"];
$password = $row["password"];
$id = $row["id"];
if($username == "John" && $password =="1234" && $id =="1")
{
//do stuff
$_SESSION['message'] = "you're in";
}
else
{
$_SESSION['message'] = "you're out!";
}
}
}
elseif (isset($_POST["submit"]) && (empty($_POST["username"]) || empty($_POST["password"]) || empty($_POST["id"])))
{
$_SESSION['message'] = "enter all fields please!!!!";
}
$selfLink = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$selfLink .= "?" . $_SERVER['QUERY_STRING'];
}
header('location: '.$selfLink);
exit;
}
if (isset($_SESSION['message'])) {
echo $_SESSION['message'];
unset($_SESSION['message']);
}
?>
Note that the redirecting to the page itself seems a bit forced (using $_SERVER['QUERY_STRING'] to fetch the current page's location). It works more intuitively if you know the file name or if you're redirecting to a different page after handling form input.
isset($_POST["submit"]) remove this check in elseif.
After submit form and explicit refresh of page $_POST["submit"] is set but if u go manually to that page $_POST["submit"] will not be set.
Related
so i wrote this code for a login page in php
<?php
function SignIn() {
session_start(); //starting the session for user profile page
if(!empty($_POST['username'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM register where Username = '$_POST[username]' AND Password = '$_POST[password]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['Username']) AND !empty($row['Password'])) {
if($password = $row['Password']) {
$_SESSION['Username'] = $row['Password'];
echo "welcome ".$row['Name'];
}
if ($password != $row['Password']) {
echo "Something went wrong!" ;
}
}
}
}
if(isset($_POST['submit'])) {
SignIn();
}
?>
My problem is that while the login part works perfectly (when i give the right password) ,when i give a wrong password it doesn't show the message i set it to echo but shows a blank page instead....i tried so many times but no result...could someone please give me some help?
Your first IF statement is setting $password to the $row['password'] value:
if($password = $row['Password'])
When your second if statement starts, $password is the same as $row['password'] and the condition equals false:
if($password != $row['Password'])
The solution is to change the first if statement to a comparative equals:
if($password == $row['Password'])
Notice there are two = symbols? This tells PHP to check that they are both the same value.
You seem to have missed out an = sign :
if($password = $row['Password'])
as such you are not doing a comparison, but an assignment. I expect this should be :
if($password == $row['Password'])
try this
function SignIn() {
session_start(); //starting the session for user profile page
if(!empty($_POST['username'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM register where Username = '$_POST[username]' AND Password = '$_POST[password]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['Username']) && !empty($row['Password'])) {
if($password == $row['Password'])
{
$_SESSION['Username'] = $row['Password'];
echo "welcome ".$row['Name'];
}
else
echo "Something went wrong!" ;
}
}
}
second if condition must be outside the first if condition..
you are also assigning the password to$_SESSION['Username'] instead of $row['Username'] . i edited the code.. see below
<?php
function SignIn() {
session_start(); //starting the session for user profile page
if(!empty($_POST['username'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM register where Username = '$_POST[username]' AND Password = '$_POST[password]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['Username']) AND !empty($row['Password'])) {
if($_POST['password'] = $row['Password'])
$_SESSION['Username'] = $row['Username'];
echo "welcome ".$row['Username'];
}
if ($_POST['password'] != $row['Password']) {
echo "Something went wrong!" ;
}
}
}
if(isset($_POST['submit'])) {
SignIn();
}
?>
I am new to php and I wrote this code:
<?php
$usernametest="Testing";
$passwordtest="TestingPass";
if (isset($_POST['submit']))
{
if ((isset($_POST['username']) == $usernametest ) && (isset($_POST['password']) == $passwordtest ))
{ include ('templates/main.php');
}
else
{
echo "please enter the correct username and password combination";
}
exit();
}
?>
I made 2 text boxes and a submit button, I want the user to be directed to another page if the username equals Testing and the password equals TestingPass, and if the user doesnt type in the right combination I want the site to say the username and pass are incorrect. Also, where am I supposed to paste this code exactly? above the text boxes codes ?
You have error in condition checking and redirecting:
<?php
$usernametest="Testing";
$passwordtest="TestingPass";
if (isset($_POST['submit']))
{
if ((isset($_POST['username']) && $_POST['username'] == $usernametest ) && (isset($_POST['password']) && $_POST['password'] == $passwordtest ))
{
header('location: templates/main.php');
}
else
{
echo "please enter the correct username and password combination";
}
exit();
}
?>
You want to use header(). You should therefore not have an include in that condition, as headers will already be sent.
<?php
$usernametest="Testing";
$passwordtest="TestingPass";
if (isset($_POST['submit']))
{
if ($_POST['username'] == $usernametest && $_POST['password'] == $passwordtest)
{
header("Location: MY_PAGE.php");
}
else
{
echo "please enter the correct username and password combination";
}
exit();
}
?>
Isset() function checks if variable exists and returns boolean. You must check equality like this:
if ($_POST['username'] == $usernametest && $_POST['password'] == $passwordtest)
Always store values in variable to make code more understandable
<?php
$usernametest="Testing";
$passwordtest="TestingPass";
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == $usernametest && $password == $passwordtest ))
{ header("location:templates/main.php");
}
else
{
echo "please enter the correct username and password combination"; exit();
}
}
?>
I'm writing a login code for my control panel for my website. I've made the login script. But for some reason the session doesn't save, here is the parts of my code I use:
index.php
session_start();
if(isset($_POST['username']) && isset($_POST['password'])) {
require('scripts/validateLogin.php');
}
if($_SESSION['login'] == 1) {
$loginOkay=1;
echo "Logged in";
} else {
$loginOkay=0;
echo "Not logged in";
}
validateLogin.php
require('mysql_connect.php');
$username = htmlspecialchars(strtolower($_POST['username']));
$password = md5(htmlspecialchars($_POST['password']));
$result = mysqli_query($con, "SELECT username,password FROM tb_mods WHERE username = '$username';");
while($row = mysqli_fetch_array($result)) {
if ($row['username'] == $username && $row['password'] == $password) {
$_SESSION['login'] == 1;
}
}
I call session_start(); before I load my loginValidation.php so session_start(); is active in both pages.
I keep getting: Not logged in as result.
I think the line $_SESSION['login'] == 1; is wrong, you need only one equal character to add value to the session variable. I hope it will help.
I have some problem with my LoginForm.When I enter login parameters and click on Submit button
,the username and password field get blank and on again clicking on Submit button without providing parameters it gets login....So we have to click two times on Submit button to login
<?php
if(isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST['username'];
$password = $_POST['password'];
if(!empty($username) && !empty($password))
{
$query = "SELECT id FROM register WHERE username ='$username' AND password='$password'";
$query_run = mysql_query($query);
if($query_run)
{
$query_num_rows = mysql_num_rows($query_run);
if($query_num_rows == 0)
{
echo 'Invalid username/password';
}
else if($query_num_rows == 1)
{
$user_id = mysql_result($query_run,0,'id');
$_SESSION['user_id'] = $user_id;
header('Locaton : index.php');
}
}
}
}
?>
it seems you have misspelled the header() function
change header('Locaton : index.php');
to header('Location : index.php');
I have a login, register page. The register page is working fine, but I have a problem with my login page. When I log in succesfully it is supposed to redirect me to a page called members.php but instead just stays on the same page and goes no where. Here is my code for the login.php page where I think the problem may be occuring:
<?php
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
if (isset($_COOKIE['ID_my_site'])) {
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
while ($info = mysql_fetch_array($check)) {
if ($pass != $info['password']) {
} else {
header("Location: members.php");
}
}
}
if (isset($_POST['submit'])) { // if form has been submitted
if (!$_POST['username'] | !$_POST['pass']) {
die('<h1 class="error"></h1><p>You missed something</p>');
}
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '" . $_POST['username'] . "'") or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('<h1 class="error"></h1><p>That user does not exist in our database</p>');
}
while ($info = mysql_fetch_array($check)) {
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password']) {
die('<h1 class="error"></h1><p>Incorrect password, please try again</p>');
} else {
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: members.php");
}
}
} else {
?>
<h1 class="login"></h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username</p><input type="text" class="username" name="username">
<p>Password</p><input type="password" class="password" name="pass">
<div><button type="submit" name="submit" value="Login">Log in</button></div>
</form>
<?php
}
?>
The problem can be in this line:
if ($pass != $info['password']) {
}
Its telling the script to do nothing if the password doesn't match. Try putting a message there, like:
if ($pass != $info['password'])
{
die('invalid login');
}
If that doesn't work, put echo statements throughout your page, so you can follow what happens through the execution. i.e, echo 'checking login <br />', echo 'login checked..<br />' etc.
On another note, you should definitely encrypt your password, don't store it in plain text or if your website ever gets hacked (its happened to many big names) they will have everyone's password in plain text.
Also, by putting $username exactly how it is inside your query, you can be leaving your site open to sql injection, I suggest you read up on it if you don't want to be hacked.
First try declaring your own variables instead of re-initializing the built-in variables, for instance $_POST['pass'] = md5($_POST['pass']);
to $pass = md5($_POST['pass']);