I am working on something, but with my if statements, it will say "test" no matter what, not following the other if statements. Help please, heres my code:
<?php
$userr = $_POST['user'];
$user = ucwords($userr);
$pass = $_POST['pass'];
if ($submit)
{
if ($userr && $pass)
{
if ($user == "Admin" && $pass == "password")
{
echo "Logged in";
}
else
{
echo "Fill in all fields";
}
}
else
{
echo "Submit!";
}
}
else
{
echo "test";
}
?>
Where are initializing your $submit?
By a look at your code, I think you need:
$submit = $_POST['submit'];
That's most likely because $submit always evaluates to false.
Make sure that $submit is defined and is what you expect it to be.
Also, if $user == 'false' your script will break without warning.
Related
$con = mysqli_connect('localhost', 'login', '*mypass*', 'login');
$check = "SELECT * FROM users";
$rs = mysqli_query($con, $check);
if(isset($_POST['submit'])) {
$username = strtolower($_POST['username']);
$password = hash('sha512', $_POST['password']);
if($username && $password){
while($data = mysqli_fetch_array($rs)){
if($username == $data[1]){
if($password == $data[2]){
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$exp = time() + (60*60*24*365);
setcookie('user', $username, $exp);
echo "test";
header("location: dash.php");
exit();
} else {
error("Incorrect Password");
}
}
}
} else {
error("Please insert your username and password");
}
}
In this code, the content of the if statement ( if($password == $data[2]) ) doesn't run correctly: only the echo function works, all the other doesn't!
Is there a solution to this issue?
I use PHP 7.0
POST:
echo "test"; was added only for testings purposes, the code doesn't work with or without it.
Looking at this part:
if($username && $password){
while($data = mysqli_fetch_array($rs)){
if($username == $data[1]){
if($password == $data[2]){
You should be careful when reading $data. Put simply, the $data array is indexed on a per-row basis starting from 0, so $data[1] and $data[2] refer to the entire second and third resultset rows, but you're not actually reading any result fields.
The right and cleaner way would be:
if($username && $password){
$data = mysqli_fetch_array($rs);
foreach ($data as $row)
{
$username = $row['field_name_with_username];
$password = $row['field_name_with_password];
... then whatever you need to do afterwards with those variables
}
If you rather stay away from the foreach looping, you can use while or for, but you need to define an interation counter (i.e. $i = 0; before entering the loop and $i++; just before the end of each iteration) and on each pass access $data[$i]['field_name_with_username'] and $data[$i]['field_name_with_password']
This is not an answer but something to try to check sessions are working.
Place the following code in its own file:
<?php
session_start();
if(isset($_SESSION['test_counter'])) {
$_SESSION['test_counter']++;
} else {
$_SESSION['test_counter'] = 1;
}
echo $_SESSION['test_counter'];
It should first display 1, and then increment the integer upon refresh.
I have been trying to solve this issue couldn't, tried reading from asked questions but couldn't get it. I started the session and required it in another page but when ever i want to use it to insert some text base on the current session id, it is always zero in the database. Please,explain to me, maybe i miss understood it. Thanks!
<?php
ob_start();
session_start();
if(isset($_SESSION['$user_id']) && !empty($_SESSION['$user_id']))
{
return true;
}
else
return false;
?>
include.php
<?php
include ("login._form.php");
require ("include.php");
require("require.php");
if ($_SERVER["REQUEST_METHOD"]== "POST")
{
$username = mysqli_real_escape_string($link, $_POST["user"]);
$password = mysqli_real_escape_string($link,$_POST["password"]);
if(empty($username) || empty($password))
{
die();
}
$row = mysqli_query($link,"SELECT * FROM `users` WHERE username ='$username'");
if($row === false)
{
echo "Query Error";
}
while($fetch = mysqli_fetch_array($row)){
if($username == $fetch["username"] && $password == $fetch["password"])
{
$_SESSION["id"] = $id;
header('Location:index.php');
}
else
die("user does'n exist");
}
mysqli_close($link);
}
login.php
?>
require("include.php");
include ("yd_sendpage_form.php");
require("require.php");
if ($_SERVER["REQUEST_METHOD"]== "POST")
{
$user_id = $_SESSION["id"];
$text = mysqli_real_escape_string($link,$_POST["text"]);
if(empty($text))
{
die("Field Can't Be Empty!");
}
$insert = mysqli_query($link,"INSERT INTO `text`(`id`, `user_id`, `text`) VALUES ('$user_id','$user_id','$text')");
}
?>
yd_sendpage.php
Change
if(isset($_SESSION['$user_id']) && !empty($_SESSION['$user_id']))
to
if(!empty($_SESSION['id']))
And don't forget about SQL injection, your code is vulnerable to it.
More information about SQL injection in your code
$_SESSION["id"] was not set, so i changed $_SESSION["id"] to $_SESSION["user"] = $username in the login.php and other pages to $_SESSION["user"] and that works. Thanks!
this is the code that have 3 user, the code just running for 2 user,it's in condition idLogin=1 and idLogin=2, i don't know why in condition idLogin=3 it does't work .
<?php
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
$username = $_POST['username'];
$password = $_POST['password'];
$login = $_POST['login'];
if (isset($login)) {
$mysqli = new mysqli("localhost", "root", "", "loginda");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
}
$res = $mysqli->query("SELECT * FROM login where username='$username' and password='$password'");
$row = $res->fetch_assoc();
$idLogin = $row['id_login'];
$user = $row['username'];
$pass = $row['password'];
$type = $row['type_login'];
if ($user == $username && $pass = $password) {
session_start();
if ($idLogin == "1") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('admin.php')</script>";
} elseif ($idLogin == "2") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('index.php')</script>";
} elseif ($idLogin == "3") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('index2.php')</script>";
} else {
?>
this is code for index2.php
<?php
session_start();
if (!isset($_SESSION['mysesi']) && !isset($_SESSION['myid'])=='3')
{
echo "<script>window.location.assign('login.php')</script>";
}
?>
<!DOCTYPE html>
<html lang="en">
..........
</html>
I think error may be here...
if($user==$username && $pass=$password) // here is single `=` sign
It should be like as:
if($user==$username && $pass==$password) // double `==` for comparasion
I might be wrong, but I don't think that you can check bool isset for $S_SESSION['myid'], while checking its contents within the same if statement. I think you might have to check that the sessions are set first, then check the value of $_SESSION['myid'].
Try this:
if ((!isset($_SESSION['mysesi']) && !isset($_SESSION['myid'])) || $_SESSION['myid'] !='3')
{
echo "<script>window.location.assign('login.php')</script>";
}
You should also consider using PDO objects for MySQL interactions. And even more importantly, you need to sanitize your user inputs below using them in your MySQL Query, if you are going to use mysqli the way you that currently do.
Lastly, you should not be storing your passwords in plain text. There are a number of hashing algorithms available to hash passwords before storing them in your database. However PHP5.5 and up includes the password_hash function to make things easier for you.
i did this code :
file index.php:
<?php
if (isset($_POST['valider']))
{ if (!isset($_SESSION)) { session_start(); }
require("function.php");
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
if(!VerifierAdresseMail($email)){?>
<script>alert('invalid mail');</script>
<?php
}
else{
if(!authentification($email,$password))
{?>
<script>alert('logging failed');</script>
<?php
}
else{
header('Location: choice.php');
}}
}
?>
In function.php:
<?php
function VerifierAdresseMail($adresse)
{
$Syntaxe='#^[\w.-]+#[\w.-]+\.[a-zA-Z]{2,6}$#';
if(preg_match($Syntaxe,$adresse))
return true;
else
return false;
}
function statistics($id){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
?><script>alert(<?php echo $cle ?>);</script><?php
$Log_query=mysql_query(
"
SELECT *
FROM tbl_captcha
WHERE user_id ='$id'
") or die(mysql_error());
$_SESSION['success'] =0;
$_SESSION['fail'] =0;
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
?><script>alert('heni');</script><?php
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['success'] += $Res_user['success'];
$_SESSION['fail'] += $Res_user['fail'];
}
}
}
function authentification($mail,$pwd_U){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
$Log_query=mysql_query(
"
SELECT *
FROM tbl_user
WHERE email ='$mail'
AND user_pass ='$pwd_U'
") or die(mysql_error());
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
$Res = array();
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['mail'] = $mail;
$_SESSION['pwd'] = $pwd_U;
$_SESSION['id'] = $Res_user['id'];
}
return true;
}
else return false;
}
?>
when i verify $_SESSION['id'] in choice.php, it is null, but in index.php (before redirection) it has a value. i don't understand why i lost this session variable
Your isset() check isn't sufficient, because it would only be executed if $_SESSION is NULL, and it will never be - it's an empty array instead and it always exists, even before you call session_start().
You have to always run session_start(); to be able to use sessions, even if you're only reading them. Also, $_SESSION is a superglobal, so it is never empty : http://php.net/manual/en/reserved.variables.session.php.
You can run session_start without your isset() check. From the manual:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
Don't forget to run session_start in choice.php
Your Index.php should probably be like this. You should never tell the user which part of the login they got wrong..... only that it failed.
<?php
session_start();
require("function.php");
if (isset($_POST['valider']))
{
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
if(VerifierAdresseMail($email) && authentification($email,$password))
{
header('Location: choice.php');
}
else
{
echo "Invalid Login";
}
?>
The login works as a typical login should, the problem is that you can ONLY put in the username and it will log you in. Pretty much if the username is correct then the password doesnt even matter.
php
<?php
include 'password.php';
session_start();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password']) && isset($_POST['user'])) {
if (sha1($_POST['password'] == $password) && sha1($_POST['user']) == $user) {
$_SESSION['loggedIn'] = true;
} else {
$error_msg = "Incorrect Login!";
}
}
if (!$_SESSION['loggedIn']): ?>
the mistake is at this line
if (sha1($_POST['password'] == $password) && sha1($_POST['user']) == $user) {
you put the parentheses to the wrong place (the one after password), the following should be fine.
if (sha1($_POST['password']) == $password && sha1($_POST['user']) == $user) {
Besides the fact what marvin explained, I would add a line into your code.
} else {
$error_msg = "Incorrect Login!";
$_SESSION['loggedIn'] = false; // Add this line
}