I have been trying to get this sign up php to work. I'm close, I guess. But there's a problem. The result is always a button that redirects to the homepage(You'll know what I'm talkin about when you read the code.) If you could find the problem please tell me.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="jmtoday" class=" no_js">
<head>
<link href='icon.jpg' rel='icon' type='image/jpg'/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="en" />
<LINK REL=StyleSheet HREF="Mainstyles.css" TYPE="text/css"></link>
<Title>Sign up to JM Today</title>
</head>
<body>
<?php
$dbservertype='mysql';
$servername='localhost';
$dbusername='***';
$dbpassword='***';
$dbname='jmtdy';
function connecttodb($servername,$dbname,$dbuser,$dbpassword)
{
global $link;
$link=mysql_connect("$servername","$dbuser","$dbpassword");
if(!$link){
die("Could not connect to MySQL");
}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
}
connecttodb($servername,$dbname,$dbusername,$dbpassword);
?>
<?php
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password2=mysql_real_escape_string($_POST['password_confirmation']);
$todo=mysql_real_escape_string($_POST['todo']);
$email=mysql_real_escape_string($_POST['email']);
$fname=mysql_real_escape_string($_POST['fname']);
$lname=mysql_real_escape_string($_POST['lname']);
if(isset($todo) and $todo=="post"){
$status = "OK";
$msg="";
}
if(!isset($username) OR strlen($username) <3){
$msg=$msg."Username should be equal to or more than 3 characters long<BR/>";
$status= "NOTOK";
}
if(mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '$username'")or die (mysql_error ()))){
$msg=$msg."Username already exists. Please try another one<BR/>";
$status= "NOTOK";}
if ( strlen($password) < 3 ){
$msg=$msg."Password must be more than 3 charactors long<BR/>";
$status= "NOTOK";
}
if ( $password <> $password2 ){
$msg=$msg."Passwords are not identical.<BR/>";
$status= "NOTOK";
}
if($status="NOTOK"){
echo "$msg<br/><input type='button' value='Retry' onClick='history.go(-1)'>";
}
else {
if(mysql_query("insert into users(username,password,email,fname,lname) values('$username','$password','$email','$fname','$lname')")or die (mysql_error ())){
echo "Welcome, You have successfully signed up";
}
else {
echo "Database Problem, please contact Site admin";
}
}
?>
</body>
</html>
You're missing an = on the line
if($status="NOTOK"){
It will assign the "NOTOK" to the $status and be boolean true.
Related
This is a simplified version of a project I'm working on.
The main idea is that test.php sends 'acct-id' to submitData.php and it validates if the account ID already exists in the server. In case it already exists, I want to send an error message to test.php.
I have built this code but I can't get '$err_msg' to change it's value in test.php. This variable changes it's value within the 'while' loop but it does not change outside it.
How can I send $err_msg value to test.php?
Thanks in advance to all possible help.
test.php
<?php
include 'submitData.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form action="submitData.php" method="POST">
<input type="text" name="acct-id">
<input type="submit" name="submit-btn">
<?=$err_msg?>
</form>
</body>
</html>
submitData.php
<?php
include '../tools/db_config.php';
$err_msg = "test";
if(isset($_POST["submit-btn"])){
$acct_id = $_POST["acct-id"];
$sql = "SELECT * FROM accounts WHERE acct_id='$acct_id'";
if ( $result = $conn->query($sql) ){
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$err_msg = "This account already exists.";
}
header('Location: test.php');
}
}else {
$output="Error en la consulta: ".$conn->error;
}
}
?>
You can use Session for this.
<?php
include '../tools/db_config.php';
session_start();
$err_msg = "test";
if(isset($_POST["submit-btn"])){
$acct_id = $_POST["acct-id"];
$sql = "SELECT * FROM accounts WHERE acct_id='$acct_id'";
if ( $result = $conn->query($sql) ){
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$err_msg = "This account already exists.";
}
$_SESSION['err_msg'] = $err_msg;
header('Location: test.php');
}
}else {
$output="Error en la consulta: ".$conn->error;
}
}
?
<?php
include 'submitData.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form action="submitData.php" method="POST">
<input type="text" name="acct-id">
<input type="submit" name="submit-btn">
<?=$_SESSION['err_msg']?>
</form>
</body>
</html>
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 7 years ago.
I have a PHP register form and every time I enter a name and password into the form it says "unexpected $end on line 52". The code is below for the index:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="handler.php" method="post">
<h1>Register</h1>
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" value="submit" />
</form>
</body>
</html>
handler:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$counter = 0;
class MyDB extends SQLite3
{
function __construct()
{
$this->open('db/test.db');
}
}
$db = new MyDB();
$sql =<<<EOF
SELECT username from users WHERE username='$username';
EOF;
$ret = $db->query($sql);
while($row = $ret->fetchArray(SQLITE3_ASSOC)){
$counter++;
}
if($counter >= 1){
echo "user already exists. click <a href='index.php'>here </a> to go back";
}
if($counter = 0){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql2 =<<<EOF
INSERT INTO users(ID, username, password) VALUES (null, '$username', '$password');
EOF;
header('Location: index.php');
}
?>
</body>
</html>
As the documentation mentions, heredoc closing tags cannot be indented, or in fact cannot contain any other characters.
So your second EOF should be like this:
if($counter == 0){ //Need to validate if the counter is 0
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql2 =<<<EOF
INSERT INTO users(ID, username, password) VALUES (null, '$username', '$password');
EOF;
header('Location: index.php');
}
(Also note the $counter == 0 change as suggested by jqheart)
(In fact, for this particular case I think it would be better to use a regular string as it would make the code cleaner)
I'm currently working on a project for my php course. The project involves making both a log-in and registration form, and to validate their information using an SQL query. I have most of it working, but the page will let you log in if you type an email address from the database and you put anything in the password field (regardless of it being correct). Here is the coding that I have, with the code to display the form first, named 'login.php':
<?php
ini_set("display_errors","on");
error_reporting(E_ALL | E_STRICT);
$labels = array("email" => "Email:",
"password" => "Password:");
$submit = "Submit";
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login Form</title>
</head>
<body>
<h2>Login Form</h2>
<?php
echo "<form action='' method='POST'>";
foreach($labels as $field => $label)
{
if($field != "password")
{
echo("<div class='field'><label for='$field'>$label</label>
<input type='text' name='$field' id='$field' value='".#$$field."'></div>\n");
}
else
{
echo("<div class='field'><label for='$field'>$label</label>
<input type='password' name='$field' id='$field' value='".#$$field."'></div>\n");
}
}
echo"<div class='field'><input type='hidden' name='submitted' value='yes'>
<input type='submit' name='submit' value='$submit'></div>";
?>
</body>
</html>
The following code is the validator:
<?php
ini_set("display_errors","on");
error_reporting(E_ALL | E_STRICT);
include("dbinfo2.inc");
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
{
foreach($_POST as $field => $value)
{
if(empty($value) or !empty($value))
{
$email_patt = "/^.+#.+\\..+$/";
if(preg_match("/email/i",$field))
{
if(!preg_match($email_patt,$value))
{
$error_array[] = $field;
}
}
if(preg_match("/password/i",$field))
{
if(empty($value))
{
$error_array[] = $field;
}
}
$good_data[$field] = strip_tags(trim($value));
}
}
if(#sizeof($error_array) > 0)
{
$message = "<p class='error'>Your login information is incorrect.</p>";
echo $message;
extract($good_data);
include("login.php");
exit();
}
else
{
$cxn = mysqli_connect($host,$user,$passwd,$dbname) or die("Couldn't connect to server.");
foreach($good_data as $field => $value)
{
$clean_data[$field] = mysqli_real_escape_string($cxn,$value);
}
$sql = "select * from customerdata where email='$good_data[email]' and password='$good_data[password]'";
$result = mysqli_query($cxn,$sql) or die("<p class='error'>Login information is invalid.</p>");
include("success.php");
}
}
else
{
include("login.php");
}
?>
</body>
</html>
What do I need to change to make this function correctly?
You're success/failure condition shouldn't be the result of the mysqli_query call. That will just indicate if the query executed successfully or not.
(http://php.net/manual/en/mysqli.query.php)
You login is always succeeding because your query is syntactically valid and runs without errors.
You'll want to check the number of returned rows to confirm that there is exactly one.
I have been using the same as written. But whenever I click on it, it gives an error
Notice: Undefined index: username in D:\xamp\htdocs\xampp\new\login.php on line 3
Notice: Undefined index: password in D:\xamp\htdocs\xampp\new\login.php on line 4
please enter username and password
My HTML is:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="POST">Username:
<input type ='text' name="username" /><br />
password<input type="password" name="password" /><br />
<input type="submit" value="login" /></form>
</body>
</html>
While my PHP is:
<?php
$username = '$_POST[username]';
$password = '$_POST[password]';
if($username && $password)
{
$connect = mysql_connect(“localhost”, “root”, “”);
$query=mysql_query("SELECT * FROM usres WHERE username=$username");
$numrows = mysql_num_rows($query);
if (!connect) {
die('Connection Failed: ' . mysql_error());
}
mysql_select_db(“phplogin”, $connect);
}else{
die("please enter username and password");
enter code here
}
?>
Try this one
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$connect = mysql_connect("localhost", "root", "");
if (!$connect) {
die('Connection Failed: ' . mysql_error());
}
mysql_select_db("phplogin", $connect);
if($username && $password) {
$query=mysql_query("SELECT * FROM usres WHERE username='".$username."' ");
$numrows = mysql_num_rows($query);
if($numrows > 0){
//redirect to other page
}else{
echo "please enter username and password";
}
} else {
echo "please enter username and password";
}
?>
I have the following log in script that is run when a user hits the submit button on the login form on www.msheeksproductions.com. I have removed the DB login info for security reasons.
<?php
error_reporting(E_ALL);
$user = '***************';
$pass = '***************';
$host = '***************';
$data = '***************';
$userN=$_POST['userN'];
$passW=$_POST['passW'];
mysql_connect($host, $user, $pass)or die("Could not connect");
mysql_select_db($data)or die("Database Not Found");
$query="SELECT userID FROM sec_login WHERE Username='$userN' AND Password='passW'";
$result=mysql_query($query) or die(mysql_error());
$user=mysql_num_rows($result);
if($user==1) {
session_register("userN");
header("location: ../index.php");
}
else {
echo("You have entered invalid login information.");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
</body>
</html>
My issue is, if you land on the security.php page, nothing happens. The PHP script doesn't seem to be being executed at all. I'm not sure if I have a syntax error somewhere, or if it's a configuration issue with my hosting account. The server is using PHP 5.2. Does anyone know if there are known issues with Bluehost for these sorts of things? If there's a coding error, then obviously I would love to know as well. I'm new to this, so I may not have done everything right.
Also, I am attempting to call the variable again in the index.php file, which seems to not return any data.
<?php $usr=$_SESSION['username'];
echo "User Name Is: $usr"; ?>
Thanks in advance!
Please consider the following:
Beware of SQL injection(Stopped by mysql_real_escape_string);
Beware of session fixation / hijacking;
Beware or brute force attacks;
Please check http://php.net/pdo for better error handling and query parameters....
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$user = '***************';
$pass = '***************';
$host = '***************';
$data = '***************';
mysql_connect($host, $user, $pass) or die("Could not connect");
mysql_select_db($data) or die("Database Not Found");
$result=mysql_query("SELECT COUNT(1) FROM sec_login WHERE Username='".mysql_real_escape_string($_POST['username'])."' AND Password='".mysql_real_escape_string($_POST['password'])."'") or die(mysql_error());
if(mysql_result($result) == 1) {
$_SESSION['username'] = $_POST['username'];
header("location: ../index.php");
exit;
} else {
$message = 'You have failed to provide valid credentials.';
}
} else {
$message = '<form method="post">
<input type="text" name="username" value="username" />
<br />
<input type="password" name="password" value="password" />
<br />
<input type="submit" />
</form>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php echo $message; ?>
</body>
</html>
Alright, in case anyone stumbles upon this and needs an example. The following is the code I am now using for a functioning log in script:
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$user = '***********';
$pass = '***********';
$host = '***********';
$data = '***********';
mysql_connect($host, $user, $pass) or die("Could not connect");
mysql_select_db($data) or die("Database Not Found");
$result=mysql_query("SELECT userID FROM sec_login WHERE Username='".mysql_real_escape_string($_POST['userN'])."' AND Password='".mysql_real_escape_string($_POST['passW'])."'") or die(mysql_error());
if(mysql_num_rows($result) == 1) {
$_SESSION['login']=1;
$_SESSION['username']=$_POST['userN'];
$session= session_name() . '=' . session_id();
header("location: ../index.php?".$session);
exit();
} else {
$message = 'You have failed to provide valid credentials.';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php echo $message; ?>
</body>
</html>
connection variables omitted, of course. In order for the other pages to get at the session variables be sure that every page starts with (On literally the first line of code, before even your doctype declaration)
Thanks for you help folks!