I am working on building a PHP login and registration system for my website. The coding calls for using $errors[] if form fields are empty and functions to check if the input username exist on the database. I am not recieving any errors, even if I do not put in any information.
login.php
<?php
include 'cic/initalize.php';
if (user_exists('cassey') === true) {
echo 'exists';
}
die();
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Please provide your username and password.';
} else if (user_exists($username) === false) {
$errors[] = 'We can\'t find the username entered, please enter a valid
username or register to continue';
}
}
?>
clients.php (users)
<?php
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT userId FROM clients WHERE
username = '$username'"), 0) === 1) ? true : false;
}
?>
code that calls login.php
<div class="widget">
<h2>Login | Register</h2>
</div><!--End widget class tag-->
<div class="inside">
<form action="login.php" method="post">
<ul id="logIn">
<li>
Username:<br/>
<input type="text" name="username"/>
</li>
<li>
Password:<br/>
<input type="password" name="password"/>
</li>
<li>
<input type="submit" value="Login"/>
</li>
<li>
Register
</li>
</ul>
</form>
</div><!--End inside class tag-->
login.php:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
include 'cic/initalize.php';
if (user_exists('cassey') === true)
echo 'exists';
else
die "User does not exist!";
if (isset($_POST['your_submit_button']) && isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST['username'];
$password = $_POST['password'];
if (strlen($username)==0 || strlen($password)==0)
{
$errors[] = 'Please provide your username and password.';
}
elseif(user_exists($username) === false)
{
$errors[] = 'We can\'t find the username entered, please enter a valid
username or register to continue';
}
}
else
{
echo "Error: at least one field wasn't set in the form !<br>";
print_r($_POST);
}
?>
Documentation:
isset
empty
ini_set
error_reporting
print_r
Replace your_submit_button with the real name of the submit button in your HTML form.
Using empty() is not a good idea since the string "0" is considered empty. What you need to check is if the strings contain at least a character (length not equal to zero).
Related
So this is my code, and I have no idea what I did wrong. The result of whatever it is that I did wrong is that every time I try to login with both of the fields filled, that is to say, that I have a password and a username entered, I get an error message saying to please fill in all fields, as though I hadn't filled one of them.
login.php
include_once 'header.php';
?>
<section class="signup-form" style="text-align:center;">
<h2>Log In</h2>
<form action="includes/login.inc.php" method="post">
<input type="text" name="uid" placeholder="Username/Email">
<br><br>
<input type="password" name="pwd" placeholder="Password">
<br><br>
<button type="submit" name="submit">Log In</button>
</form>
<?php
if(isset($_GET["error"])){
if($_GET["error"] == "empty input") {
echo "<p style='color:red; text-align:center;'>Please fill in all fields!</p>";
}
if($_GET["error"] == "wronglogin") {
echo "<p style='color:red; text-align:center;'>wrong login info. Try again</p>";
}
}
?>
</section>
login.inc.php
<?php
if(isset($_POST["submit"])){
$username = $_POST['uid'];
$pwd = $_POST['pwd'];
require_once 'dbh.inc.php';
require_once "functions.inc.php";
if (emptyInputLogin($username, $pwd) !== false) {
header('location: ../login.php?error=empty input');
exit();
}
loginUser($conn, $username, $pwd);
}
else {
header('location: ../login.php');
exit();
}
functions.inc.php
function emptyInputLogin( $username, $pwd ) {
$result;
if (empty($username) || empty($pwd)){
$result = false;
}
return $result;
}
You need to return true if any of them are empty and false if they are not.
function emptyInputLogin( $username, $pwd ) {
$result = false; // default value to return
if (empty($username) || empty($pwd)){
$result = true;
}
return $result;
}
This function can also be written as:
function emptyInputLogin( $username, $pwd ) {
return empty($username) || empty($pwd);
}
since empty($username) || empty($pwd) will evaluate as true/false.
Your if-statement can also be changed to just
if (emptyInputLogin($username, $pwd))
which makes it easier to read.
Or even easier, skip the function altogether in your login.inc.php file:
if (empty($username) || empty($pwd)) {
header('location: ../login.php?error=empty input');
exit;
}
So I have a page where when user click on login button, it will open up an iframe popup with a login form. So, if the user submitted the correct username/password, it will redirect the parent page to let say Main.php. However, I wasn't able to achieve this as it keeps on redirecting it in the iframe popup. How do I achieve this? I'm fairly new to php so please clarify your answer.
Here's the code snippet that processes the login. Tell me if you need more. Thank you.
<?php
include '../Initialization.php';
if (empty ($_POST) === false) {
$username = $_POST ['username'];
$password = $_POST ['password'];
if (empty ($username) === true || empty ($password) === true) {
$errors[] = 'You need to enter a username and password!';
} else if (user_exists ($username) === false) {
$errors[] = 'We can\'t find the username you entered. Have you registered?';
} else if (user_active ($username) === false) {
$errors[] = 'You haven\'t activated your account!';
} else {
$login = login($username, $password);
if ($login === false) {
$errors[] = 'That username/password combination is incorrect!';
} else {
$_SESSION['user_id'] = $login;
header("Refresh:0; url=../../Main.php"); //Am I doing anything wrong here?
exit();
}
}
print_r ($errors);
}
?>
The link that will open up the iframe :
<a class='iframe' href="Login.php" style="text-decoration:none; color:#FFF">LET'S GO</a
The login form :
<form action = "Core/System/LoginProcess.php" method="post">
<p>
<input name="username" type="text" class="textBox" id="username2" placeholder = "Username" onblur="this.value=removeSpaces(this.value);"/>
<br />
<br />
<input name="password" type="password" class="textBox" id="password" placeholder = "Password" />
</p>
<p> </p>
<p>
<input name="Login" type="submit" class="loginButton" id="Login" value="Login" />
</p>
</form>
Ok, so this question is kind of hard to word, but i'll try my best. So I currently have an index.php page with a pop-up login form and I have login.php with all the login php stuff to deal with the request. At the moment I can only seem to print login errors on the login.php page, which opens up a blank white page with just the errors on that, due to the fact that the form action on my index.php form is set to "login.php" which deals with the login stuff.. What I want is to print the erros on the login form in my index.php, but have the login.php deal with the rest of the php. I hope that kind of makes sense.
<form action="login.php" method="post">
<label>Email Address</label>
<input type="text" name="email"/>
<br />
<label>Password</label>
<input type="password" name="password"/>
<br />
<!--<?php
if(empty($errors)===false){
echo output_errors($errors);
}
?>-->
<div class="checkbox">
<input id="remember" type="checkbox" />
<label for="remember">Keep me signed in</label>
</div>
<div class="action_btns">
<div class="one_half last"><input type="submit" class="btn btn-blue" value="Login"></div>
<div class="one_half last">Sign up</div>
</div>
</form>
Above is the code for my form on the index.php page. the commented out php in that is where I want to print the errors.
Below is my login.php
<?php
include 'init.php';
function sanitize($data){
return mysql_real_escape_string($data);
}
function output_errors($errors){
return '<ul><li>'.implode('</li><li>', $errors).'</li></ul>';
}
//check if user exists
function user_exists($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email'"),0) == 1)? true : false;
}
//check if user has activated account
function user_activate($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email' AND active =1"),0) == 1)? true : false;
}
function user_id_from_email($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT id FROM register WHERE email = '$email'"),0,'id'));
}
function login($email,$password){
$user_id = user_id_from_email($email);
$email = sanitize($email);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(id) FROM register WHERE email = '$email' AND password ='$password'"),0) == 1)? $user_id : false;
}
if(empty($_POST)=== false){
$email = $_POST['email'];
$password = $_POST['password'];
}
if(empty($email)|| empty($password) === true){
$errors[] = "You must enter a username and a password";
}
else if(user_exists($email) === false){
$errors[] = "Email address is not registered";
}
else if(user_activate($email) === false){
$errors[] = "You haven't activated your account yet";
}
else{
$login = login($email, $password);
if($login === false){
$errors[] = "email/password are incorrect";
} else {
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
if(empty($errors)===false){
header('Location: index.php');
echo output_errors($errors);
}
?>
This is my init.php below too which stores the array.
<?php
session_start();
error_reporting();
require 'connection.php';
$errors = array();
?>
A tip before I start is to never put variables that are not constant into prepared statements, you're allowing user input directly to your SQL statements.
But more to the point, if you want to receive errors, I'd suggest you use a basic die($db->error); where you want to return an error via the database.
Always remember to $db->close(); at the end of working with a connection.
When you press login on my site, the script uses mysqli_real_escape_string and than process the login.
When you are for example at the homepage and you press the login button there, the site goes to this file. if everything goes well, you will be redirected to the begin page but when something goes wrong, you will stay at this page and see a form. The form contains the data you entered before your pressed login. THAT data contains a slash at the end.
I want to remove the slashes by using stripslashes so I created a function called slash to remove them but when you enter the wrong things I still see the slashes.
//the slash function is placed in a previous loaded file
function slash($username, $password){
$password = stripslashes($password);
$username = stripslashes($username);
return $username;
return $password;
}
if(empty($_POST === false)){
$username = $_POST['username'];
$password = $_POST['password'];
//check if the fields are empty
if (empty($username) || empty($password)){
$errors[] = 'You need to enter a username and password';
//check if the username exists
}else if(user_exists($username) === false){
$errors[] = 'We can\'t find that username';
slash($username, $password);
//check if the username is active
}else if(user_active($username) === false){
$errors[] = 'You haven\'t activated your account';
slash($username, $password);
//if none of the previous checks are false, log in
}else{
$login = login($username, $password);
//if username or password is incorrect, display error
if($login === false){
$errors[] = 'That username or password combination is incorrect';
slash($username, $password);
//if everthing is fine, log in
}else{
//set the user session
$_SESSION['user_id'] = $login;
//redirect user to home
header('Location: index.php');
exit();
}
}
}
?>
<html>
<head>
<link rel="stylesheet" href="css/error_login.css"/>
</head>
<body>
<?php
include 'templates/menu/menu.php';
?>
<div class="error_login">
<h3>Login</h3>
<form action="login.php" method="POST">
<div id="login">
username:<br>
<input type="text" name="username" value=<?php echo $username; ?>/><br><br>
password:<br>
<input type="password" name="password" value=<?php echo $password; ?>/><br><br>
<input type="submit" value="Log In"/><br><br>
Register
<ul>
<?php
error_output($errors);
?>
</ul>
</div>
</form>
</div>
<?php
include 'templates/footer/footer.php';
?>
</body>
</html>
edit
input:
username: test
password:
The input is invalid like your see because there is no password so the site will reshow a form with the userinput + an added slash
output:
username: test/
password: ●
In your HTML:
<input type="text" name="username" value=<?php echo $username; ?>/>
You missed the double-quotes to the value attribute:
<input type="text" name="username" value="<?php echo $username; ?>"/>
This is the same for password.
Here is my form that is using login.php to check if the user is registered, etc.
<form action="login.php" method="post" target="SHOW">
<ul id="login">
<li>
Username:<br />
<input type="text" name="username">
</li>
<li>
Password:<br />
<input type="password" name="password">
</li>
<li>
Submit:
<br />
<input type="submit" name="log in">
</li>
<li>
Register</li>
</ul>
</form>
<iframe id="iframe" name="SHOW" scrolling="no"></iframe>
My dilemma stems with the iframe tags I'm using to display the error messages. If the user is registered I would like to redirect him back to index.php as you can see at the end of the PHP ---> header('Location: index.php');
Problem is that iframe doesn't allow for redirecting. So, I would like to change the target from ---> target="SHOW" to target="_top" or something like that. So, the user is redirected after successfully logging in without using any JavaScript.
My failed attempt at accomplishing this --> $href->removeAttribute('target');
$href->setAttribute("target", "_top");
Here is login.php.
<?php
include 'core/init.php';
if(empty($_POST) === false){
$username = $_POST['username'];
$password = $_POST['password'];
if(empty($username) || empty($password) === true){
$errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false){
$errors[] = 'We can\'t find that username. Have you registered?';
} else if (user_active($username) === false){
$errors[] = 'You haven\'t activated your account!';
} else {
$login = login($username, $password);
if($login === false){
$errors[] = 'That username/password combination is incorrect';
} else {
$_SESSION['user_id'] = $login;
$href->removeAttribute('target');
$href->setAttribute("target", "_top");
header('Location: index.php');
exit();
}
}
print_r($errors);
}
?>
Since you're POST-ing to the iframe, any action taken by the response will only be valid for the context of the iframe itself, which means that doing a regular HTTP redirection will only change the content of the iframe.
If you want to keep the iframe (which I'd advice against, and instead keep both the error handling and logging in the same controller / file that displays the form), you can redirect by using javascript in your iframe response:
<script type="text/javascript">
parent.location.href = 'http://www.bbc.co.uk/';
</script>
Not pretty, but it works.