My headers were working on my localhost but not working online.
<?php
require_once 'func/func.php';
if(isset($_POST['sub'])){
$user = trim(mysqli_real_escape_string($dbc,$_POST['username']));
$pass = mysqli_real_escape_string($dbc,$_POST['pass']);
$sql = "select * from register where matric = '$user' and passw ='$pass'";
$result = mysqli_query($dbc,$sql) or die(mysqli_error($dbc));
$num = mysqli_num_rows($result) or die(mysqli_error($dbc));
if($num == 1){
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['fname'].' '.$row['lname'];
$_SESSION['trader'] = $row['trader'];
$_SESSION['pic'] = $row['passport'];
$_SESSION['username'] = $row['username'];
error_reporting(E_ALL | E_WARNING | E_NOTICE);
ini_set('display_errors', TRUE);
flush();
header("Location: home/home.php");
die('should have redirected by now');
echo $pass;
}else{
echo "Invalid User Name or Password";
}
}
?>
<html><head>
</head>
<body>
<form action="" method="post">
<table width="409" border="0" align="center" cellpadding="4" cellspacing="4">
<tr>
<td width="166">User Name</td>
<td width="215">
<input type="text" name="username" id="text1">
</tr>
<tr>
<td>Password</td>
<td><p>
<input type="password" name="pass" id="password1">
</tr>
<tr>
<td colspan="2" align="center"><input name="sub" type="submit" value="Login" /></td>
</tr>
</table>
<? if(isset($msg)) echo $msg; ?> </form>
</body></html>
the func file contains the session and mysqli connect file it is working on localhost.
with all errors on it is not dispaying error. it is outputing shoul have redirected by now. please help me out
Your redirect works.
The problem is the URL is not correct.
Try it like this:
header("Location: http://site.com/home/home.php");
Try this way:
header("Location: ./home/home.php");
Related
I have a issue with my login form. I'm trying to login with PHP and MySQLi but for some reason every time I press the login button. The fields within the form reset to blank fields. This is my code index.php
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="" method="post">
<table width="500" align="center" bgcolor="skyblue">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
// checking the user
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['pass']);
$sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";
echo $sel_user;
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
echo $check_user;
if($check_user == 1){
$_SESSION['user_email']=$email;
header('Location: loggedin.html'); }
else { header('Location: index.html'); }
}
?>
I hope someone can help me to fix this issue because I really need to build a login form for my website
There's a few things I'd like to point out about your code, but the primary issue you've been having all along is that you are sending headers before you are calling the session_start(); and header("Location: ..); functions. This causes "Headers already sent" warnings, and will not break your script, but it won't function properly. You should read How to fix "Headers already sent" error in PHP.
The code below has been altered some as well, I've made a few changes to it that you really should include
Using prepared statements, to protect your database against SQL injection (see How can I prevent SQL injection in PHP?) (never, never, never, never ever trust user-input!)
Using exit after calling a header("Location .."); function (see php - Should I call exit() after calling Location: header?)
The altered code is given below, and should be placed above ANY kind of HTML.
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");
if (mysqli_connect_errno()) {
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$sql = "SELECT user_email FROM users WHERE user_email=? AND user_pass=?";
if ($stmt = $mysqli_prepare($sql)) {
mysqli_stmt_bind_param($stmt, "ss", $email, $pass);
mysqli_stmt_store_result($stmt);
// Checking if the user was valid
if (mysqli_stmt_num_rows($stmt) > 0){
$_SESSION['user_email'] = $email;
header('Location: loggedin.html');
exit;
} else {
header('Location: index.html');
exit;
}
}
}
?>
<!-- HTML form goes here, nothing(!) before this PHP -->
What you really should do is to hash your passwords - from the looks of it, your passwords are stored in clean text in the database, this is a BIG no-no!
You should use password_hash() and password_verify() for that. It's really important to protect your user should your database be breached.
To troubleshoot further, you should enable error-reporting:
error_reporting(E_ALL);
mysqli_error
mysqli_stmt_error
When you have enabled this, PHP will tell you what's wrong if you just check your logs.
dude try this
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="" method="post">
<table width="500" align="center" bgcolor="skyblue">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","users");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
// checking the user
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['pass']);
$sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user == 1){
$_SESSION['user_email']=$email;
header('Location: loggedin.html');
}
else {
header('Location: index.html');
}
}
?>
I need help building a PHP login form this is my index.php
<!DOCTYPE html>
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");
if (mysqli_connect_errno()) {
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$sql = "SELECT user_email FROM users WHERE user_email=? AND user_pass=?";
if ($stmt = $mysqli_prepare($sql)) {
mysqli_stmt_bind_param($stmt, "ss", $email, $pass);
mysqli_stmt_store_result($stmt);
// Checking if the user was valid
if (mysqli_stmt_num_rows($stmt) > 0){
$_SESSION['user_email'] = $email;
header('Location: loggedin.html');
exit;
} else {
header('Location: index.html');
exit;
}
}
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="" method="post">
<table width="500" align="center" bgcolor="skyblue">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
There error I get with this code is in the picture in this link - https://www.dropbox.com/s/vitdqwcv5dip20s/Untitled.png?dl=0
I can't login with the system I've builded now and I need help building it. I think the code is split after the > 0 but someone else need to look in to it I'm just a starter with php
From your screen shot :
You are not using this file in your wamp.
If you are not using it under wamp then your PHP file treat as HTML.
Here is each one of my .php pages. I can get it to register and go onto my local server. However when I go to the login page and actually login it will not redirect to the members page. I am not sure what the issue it. I am pretty new to PHP and the code looks decent. Very simple but I am trying to get this to work. Any help is appreciated. Thanks.
config.php
<?php
$host = "localhost";
$username = "root";
$password = "root";
$db = "motofoto";
//Connect to MySQL Server
$con = mysqli_connect($host,$username,$password,$db) or die("Can not connect to Server.");
?>
Login.php
<?php
session_start();
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
header( "Location: members.php" ); //isset check to see if a variables has been 'set'
}
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "")
{
echo "Please fill in all the information!";
}
//Check to see if the username AND password MATCHES the username AND password in the DB
else
{
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user' and password = '$pass'") or die("Can not query DB.");
$count = mysqli_num_rows($query);
if($count == 1){
//YES WE FOUND A MATCH!
#$_SESSION['username'] = $user; //Create a session for the user!
header ("Location: members.php");
}
else{
echo "Username and Password DO NOT MATCH! TRY AGAIN!";
}
}
}
?>
<html>
<table>
<tr>
<form name="register" method="post" action="login.php">
<td>
<table>
<tr>
<td colspan="3"><strong><center>Login </center></strong></td>
</tr>
<tr>
<td>Username</td>
<td>:</td>
<td><input autofocus name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table>
<tr>
<td>Not a Member? Register</td>
</tr>
</table>
</html>
register.php
<?php
session_start(); //Must Start a session.
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
//'isset' check to see if a variables has been 'set'
if(isset($_SESSION['username'])){
header("location: members.php");
}
//Check to see if the user click the button
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
$rpass = $_POST['rpass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$rpass = stripslashes($rpass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
$rpass = mysqli_real_escape_string($con, $rpass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "" || $rpass == "")
{
echo "Please fill in all the information!";
}
else
{
//Check too see if the user's Passwords Matches!
if($pass != $rpass)
{
echo "Passwords do not match! Try Again";
}
//CHECK TO SEE IF THE USERNAME IS TAKEN, IF NOT THEN ADD USERNAME AND PASSWORD INTO THE DB
else
{
//Query the DB
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user'") or die("Can not query the TABLE!");
//Count the number of rows. If a row exist, then the username exist!
$row = mysqli_num_rows($query);
if($row == 1)
{
echo "Sorry, but the username is already taken! Try again.";
}
//ADD THE USERNAME TO THE DB
else
{
$add = mysqli_query($con,"INSERT INTO members (id, username, password) VALUES (null, '$user' , '$pass') ") or die("Can't Insert! ");
echo "Successful! <a href='members.php'> Click Here </a> to log In.";
}
}
}
}
?>
<html>
<table width="300" align="center" cellpadding="0" cellspacing="1" border="1px solid black">
<tr>
<form name="register" method="post" action="register.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong><center>Registration</center></strong></t
d>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td>Repeat Password</td>
<td>:</td>
<td><input name="rpass" type="password" id="rpass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</html>
members.php
<?php
session_start();
require "config.php";
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
echo "Hello ".$_SESSION['username'].", you are logged in. <br /> This the member's page! Nothing here :(. <a href='logout.php'>Click Here </a>to log out.";
}
else{
echo "Please <a href='login.php'>Log In </a> to view the content on this page!";
}
?>
logout.php
<?php
session_start();
require "config.php";
session_destroy();
echo "You have successfully logged out. <a href='login.php'> Click here </a> to login!";
?>
1)try to add session close function, this may help as session is possibly not saved yet.
#$_SESSION['username'] = $user; //Create a session for the user!
session_write_close();
header ("Location: members.php");
2) And as Fred mentioned try to debug with php error reporting.
3) Small note: register.php => change link to Login.php not members.php
echo "Successful! <a href='Login.php'> Click Here </a> to log In.";
PS: I tested your script and it worked fine even without session_write_close();
Alternatively you can use following function to redirect through java script. It's not the solution but you can use as alternative.
function redirect($url)
{
echo $data= "<script type='text/javascript'> window.location.href = '".$url."'; </script>";
break;
}
I am making a web with a login system which is working fine.
I have also made a page which one has to log in to view. It is also working fine and when a user logs in it also gives a welcome "username" message.
However for an unknown reason this session variable is not being stored to the other pages. The thing is that I used the same methods which I used for the page with login restrictions.
Below is my login page. (works fine).
<?php
session_start();
?>
<form id="login_form" method="post" action="">
<p>
<?php
if(isset($_POST["username"]) && isset($_POST["password"])){
$username = $_POST["username"];
$password = $_POST["password"];
if(strlen($username) < 4 || strlen($password) < 4){
echo "Username or Password are invalid.";
}else{
require("connect.php");
$login = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' ") or die(mysql_error());
if(mysql_num_rows($login) == 0){
echo "Username or Password are incorrect!";
} else{
require("member.php");
$member_info = mysql_fetch_assoc($login);
setMember($member_info["id"]);
$_SESSION['user'] = "$username";
echo "Welcome ".$member_info["fname"]." ".$member_info["lname"]."<br />";
echo "Redirecting... Please wait.";
jumpTo("my_logs_testing.php",2);
}
//Free result & close connection.
mysql_free_result($login);
mysql_close($link);
}
}else{
}
?>
</p>
<table frame="box" bgcolor="" width="40%" border="0" cellpadding="6" align="center">
<tr>
<td colspan="2"><div align="center"><font color="#FFFFFF"><strong>Diving Advisor | Log In System</strong></font> </div> </tr>
<tr>
<td width="25%"><font color="#FFFFFF"><strong><label for="username2">Username:</label></strong></font></td>
<td width="75%" align="left"><input name="username" type="text" id="username" size="30" maxlength="20" /></td>
</tr>
<tr>
<td><font color="#FFFFFF"><label for="password"><strong>Password:</label></strong></font></td>
<td align="left"><input name="password" type="password" id="password" size="30" maxlength="20" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit_login" id="submit_login" value="Log In" /></td>
</tr>
</table>
</form>
This is the page with login restriction (works fine).
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
if( !isMember() ){
header("Location: login.php");
} else {
?>
<?php
if(mysql_connect('localhost', 'root','') && mysql_select_db('diving_advisor')){
echo "Welcome ".$current_user;
$errors = array();
if(isset($_POST['datepicker'],$_POST['location'],$_POST['description'])) {
cont.......................
And this is one of the the other pages which is not working (session variable seems to be lost! HERE IS THE PROBLEM!!!!
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
?>
Here is code from template.......................
Then the editable region....
<?php
echo $current_user;
?>
<p><strong>Heading 1</strong></p>
<p>This is the home page of the diving advisor application.
Lore......
echo $currentuser is printing nothing on the page. It is suppose to print the logged in user but for some reason it is not.
Please help cause i really do not know what is wrong!!
Tks in advance.
session_start();
Needs to be the first thing that is called on each page.
every time click login it return me to the login screen
this is my first code to login
<form action="" method="post" name="log">
<table border="0" align="center">
<tr>
<td colspan="4"><span style="font-size:18px; color:#039; font-weight:bold;">Login</span></td>
</tr>
<tr>
<td width="113">User name</td>
<td width="120"><span id="sprytextfield1">
<input name="Uname" type="text" id="LogInUname" size="20" />
<span class="textfieldRequiredMsg"><br />
A value is required.</span></span></td>
</tr>
<tr>
<td>Password</td>
<td><span id="sprypassword1">
<input name="Pword" type="password" id="LogInPword" size="20" />
<br />
<span class="passwordRequiredMsg">A value is required.</span></span></td>
</tr>
<tr>
<td><span class="newUsers">New user</span></td>
<td></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" name="submitid" id="LogInbutton" value="Login" /></td>
</tr>
</table>
</form>
<?php
session_start();
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
$Pword = $_POST['Pword'];
$Uname = stripslashes($Uname);
$Pword = stripslashes($Pword);
$Uname = mysqli_real_escape_string($db, $Uname);
$Pword = mysqli_real_escape_string($db, $Pword);
$loginUser = " select * from loginaccess where Uname= '".$Uname."' and Pword='".$Pword."'";
$loginUserResults=$db->query($loginUser) or die($db->error);
if($loginUserResults -> num_rows == 1) {
$_SESSION['log']=1;
header('Location:index.php?learn_id=12');
}else{
header('Location:index.php?learn_id=320');
}
}
?>
<?php ob_flush() ?>
and this is the other page that it should go to
<?php
session_start();
if (!(isset($_SESSION['log']) && $_SESSION['log'] != 1)) {
header ("Location:index.php?learn_id=3");
}
?>
now please some one tell me why I am every time try to login I return to the login page what is wrong there.
First: This line
$_SESSION['log']==1; // compare
should be
$_SESSION['log']=1; // assign
Second: I don't see the session_start(); at the very top of your first page (login)
Third: Do not use both stripslashes and mysqli_real_escape_string. The latter is enough (better if you use a PDO).
Call the session_start();
<?php
session_start();
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
....
$_SESSION['log']=1; //assign a value
...
?>
Maybe you've forgot to type
session_start();
On the beginning of the login code, right after
<?php ?
It should look like this :
<?php
session_start(); // Here
if(isset($_POST['submitid'])) {
$Uname = $_POST['Uname'];
$Pword = $_POST['Pword'];
$Uname = stripslashes($Uname);
$Pword = stripslashes($Pword);
Your problem seems to be $loginUserResults->num_rows in your if-statement. You're referring to it as it would be part of mysqli class, even though it's part of the mysqli_stmt class.
Modify your code as follows:
$loginUser = " select * from loginaccess where Uname= '".$Uname."' and Pword='".$Pword."'";
$stmt = $mysqli->prepare($loginUser);
$stmt->execute();
$stmt->store_result();
And then your if:
if($stmt->num_rows == 1) {
$_SESSION['log']=1;
header('Location:index.php?learn_id=12');
}