I have link change password in my home page..NOw i am telling you what i am doing...
First of all i creating a html form named edit_profile.php in which i have three textboxes old password,new password,confirm password.I have attcahed this page as a link to home page for changing password.
Next page i have designed named edit_profile1.php in which i am comaparing if new password and confirm passwords are equal or not
Then i making a query to search data with password = old password
But this page is not working.Now i am giving you the code both files and in last i will tell you what type error i am facing..
edit_profile.php
<?php
session_start();
?>
<html>
<body bgcolor="pink">
<table cellpadding="10" cellspacing="6" align="center" width="500">
<form name="form" action="edit_profile1.php" method="POST" >
<tr>
<td><b><i>Your Username</i></b></td>
<td><input type="text" name="username" id="username" size="30" maxlength="30" value="<?php echo $_SESSION['employee']['username']; ?>" disabled="disabled"></td>
</tr>
<tr>
<td><b><i>Old Password</i></b></td>
<td><input type="password" name="opassword" id="opassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>New Password</i></b></td>
<td><input type="password" name="npassword" id="npassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>Confirm Password</i></b></td>
<td><input type="password" name="cpassword" id="cpassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td align="center" colspan="100"> <input type="submit" name="submit" value="Change Password"></td>
</tr>
</table>
</body>
</html>
Next Page
Next page is for edit_profile1.php
<?php
session_start();
if(isset($_POST['opassword']) && ($_POST['npassword']))
{
$con=mysql_connect("localhost","root","");
if(!$con)
{
die('Could Not Connect:'.mysql_error());
}
mysql_select_db("tcs",$con);
$a=$_POST['opassword']; //old password value
$b=$_POST['npassword']; //new password value
$c=$_POST['cpassword'];
if ($b==$c) //checking if both new passowrd and c.password are equal or not
{
$pwd=hash('sha1',$b); //new value is assigned to pwd variable
$usr=$_SESSION['employee']['username']; //this varaible have value of username
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
$result=mysql_query($query,$con);
$count = mysql_num_rows($result);
if ($count == 1)
{
$sql="update employee set Password='$pwd'";
$deepak=mysql_query($sql,$con);
if($deepak)
{
echo "Updation Successfull";
}
else
{
echo "Updation Not Possible.Some Error is there";
}
}
else
{
echo "There is some problem in macthing the old password with database password";
}
}
else
{
echo "Both Passwords are Not equal";
}
}
else
{
echo 'Error! Passwords were not sent!';
}
?>
<html>
<body bgcolor="orange">
<h4 style="position: relative;">Home Page</h4>
</body>
</html>
Error:
Every time i try to execute my programe the error is
Thhere is some problem in macthing the old password with database password
Now i am not getting where i am falling wrong.In database i have only one user row.Plz tell me what is error
Shouldn't
$query="select * from employee where Username='{$usr}' and Password='{$c}'";
be
$a = hash('sha1', $a); // added after conversation in comments
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
instead? ($a instead of $c..)
Your script seems vulnerable to mysql-injection!
Apply mysql_real_escape_string to every value you insert in your SQL-Query!
It may be possible that your comparison doesn't work because there are extra spaces in the values your retrieve from the form. Try:
$a=trim($_POST['opassword']); //old password value
$b=trim($_POST['npassword']); //new password value
$c=trim($_POST['cpassword']);
Also:
if(isset($_POST['opassword']) && ($_POST['npassword']))
will not work.
You have to use:
isset($_POST['opassword']) && isset($_POST['npassword'])
Related
I have made a crud project with file upload functionality. For that, each time a user registers in the page a folder with his/her unique id name should be created in the main folder which has been created originally.
If that user, after logging in, uploads the file, it should get stored in that folder which was automatically created when he had registered himself.
For this , I have two files; register.php (code for register functionality) and add.php (for uploading data and file):
Code(Register.php):
if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$user = $_POST['username'];
$pass = $_POST['password'];
mkdir("C:/xampp/htdocs/crud/crud_html/'.$name.'/");
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
else{
continue;
}
}
} else {
?>
<p><font size="+2">Register</font></p>
<form name="form1" method="post" onsubmit="return validatename()" action="">
<table width="75%" border="0">
<tr>
<td width="10%">Full Name</td>
<td><input type="text" name="name" maxlength="20" id="t1" required></td>
</tr>
<tr>
<td><label for="email">Email</label></td>
<td><input type="email" name="email" required ></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" maxlength="10" id="t2" required></td>
</tr>
<tr>
<td><label for="psw">Password</label></td>
<td><input type="password" name="password" required id="psw" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
But this code is not working.
What correction is needed?
I believe the main problem is you reference, in your move_uploaded_file() function a variable called $newd, but in your code above, it looks like you named it $uploads_dir. The below code, simplified from yours, works for me.
Register.php
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
//check if the folder exists
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
}
}
Add.php
<?php
//only run this if the form was submitted
if(isset($_POST['Submit'])) {
$pname = rand(1000,10000)."-".$_FILES["file"]["name"]; #file name with random number so that similar don't get replaced
//get the name of the uploaded file
$tname = $_FILES["file"]["tmp_name"];
//set your upload directory
$uploads_dir= __DIR__;
//move the uploaded file to the new directory
move_uploaded_file($tname, $uploads_dir.'/'.$pname);
}
?>
<!--form that will allow the user to upload a file-->
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="Submit" />
</form>
EDIT: The code now works. Added some code to the initial source code below.
So I have a database named payload and in it there's two tables; one named users and the other named tohere. Both of these tables just have two columns; userName and password. The tohere table is empty. The users table, however, has two populated rows. First row has admin and admin123 as the userName and password respectively. The second row has visitor and visitor123 as the userName and password respectively. There's a HTML form with two input fields where users enter a username and password. Now the idea is, if the username and password they enter in the form matches the records in the users table, I want those contents submitted to the tohere table which is currently empty. How do I accomplish that?
I have tried the following code which doesn't seem to work;
<html>
<head>
<title>
</title>
<?php
$message = "";
$theusername = $_POST['userName'];
$thepass = $_POST['password'];
if (count($_POST) >
0) {
$conn = mysqli_connect("localhost", "root", "", "payload");
$result = mysqli_query($conn, "SELECT * FROM users WHERE userName='" . $_POST["userName"] . "' and password = '" . $_POST["password"] . "'");
$count = mysqli_num_rows($result);
if ($count == 0) {
$message = "Invalid Username or Password!";
} else {
$sqltwo = "INSERT INTO tohere (userName, password) VALUES ('$theusername', '$thepass')";
//The below if statement was missing.
if(!mysqli_query($conn, $sqltwo)){
echo "Failed!";
}
else{
echo "Success!";
}
}
}
?>
</head>
<body>
<form action="" method="post" name="frmUser">
<div class="message">
<?php if ($message != "") {echo $message;}?>
</div>
<table align="center" border="0" cellpadding="10" cellspacing="1" class="tblLogin" width="500">
<tr class="tableheader">
<td align="center" colspan="2">
Enter Login Details
</td>
</tr>
<tr class="tablerow">
<td>
<input class="login-input" name="userName" placeholder="User Name" type="text"/>
</td>
</tr>
<tr class="tablerow">
<td>
<input class="login-input" name="password" placeholder="Password" type="password"/>
</td>
</tr>
<tr class="tableheader">
<td align="center" colspan="2">
<input class="btnSubmit" name="submit" type="submit" value="Submit"/>
</td>
</tr>
</table>
</form>
</body>
</html>
So far, this code works, but only partially. When I enter username and password not in the users table, I get the message "Invalid Username or Password!", which is fine, but when I enter records that are in the users table, the form does not get submitted to the tohere table. In fact, nothing happens. Just a blank white screen. What gives?
I've created a add user page where users can be added to the database, the code is below i would want to compare two textbox and if they are matching(password=conform password) then it should be inserted in the database , how can i achieve that in php
<?php
require("../connect.php");
error_reporting(0);
/*
if(!(adminsessioncheck()))
header('location:index.php'); */
if(isset($_POST['add']))
{
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
?>
<div style=" width:250px; margin-left:auto; margin-right:auto;">
<div class="heading1" style="text-align:center">Add a new User</div>
<br>
<form action="" method="post" onsubmit="msgbox()">
<table width="330" height="135" border="0" class="text">
<tr>
<td><label>User Name</label></td>
<td><input type="text" name="username" id="username" required></td>
</tr>
<tr>
<td><label>Password</label></td>
<td><input type="password" id="password" name="password" required></td>
</tr>
<tr>
<td><label>Confirm Password</label></td>
<td><input type="password" id="cpassword" name="cpassword" required></td>
</tr>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><td></td><td align="center"><input type="submit" name="add" value="Add"></td></tr>
</table>
</form>
</div>
</div>
Simple.
if($_POST['password'] !== $_POST['cpassword']) {
header("location:index.php")
} else {
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
To only check after post you can do this.
if(isset($_POST['add']))
{
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
if($_POST['password'] == $_POST['cpassword'])
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
else
//create error message
}
But it would be better to check before posting. Also NEVER insert unsanitized data into your database! ever! Plus others will tell you so i might as well mention mysql is deprecated, check out mysqli instead.
if(isset($_POST['add']))
{
$username=$_POST['username'];
$password=$_POST['password'];
if ($_POST['password']!= $_POST['cpassword'])
{
echo("Password did not match! Try again. ");
}
else
{
mysql_query("INSERT INTO user VALUES('','$username','$password')") or die(mysql_error());
}
}
I am making a web with a login system which is working fine.
I have also made a page which one has to log in to view. It is also working fine and when a user logs in it also gives a welcome "username" message.
However for an unknown reason this session variable is not being stored to the other pages. The thing is that I used the same methods which I used for the page with login restrictions.
Below is my login page. (works fine).
<?php
session_start();
?>
<form id="login_form" method="post" action="">
<p>
<?php
if(isset($_POST["username"]) && isset($_POST["password"])){
$username = $_POST["username"];
$password = $_POST["password"];
if(strlen($username) < 4 || strlen($password) < 4){
echo "Username or Password are invalid.";
}else{
require("connect.php");
$login = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' ") or die(mysql_error());
if(mysql_num_rows($login) == 0){
echo "Username or Password are incorrect!";
} else{
require("member.php");
$member_info = mysql_fetch_assoc($login);
setMember($member_info["id"]);
$_SESSION['user'] = "$username";
echo "Welcome ".$member_info["fname"]." ".$member_info["lname"]."<br />";
echo "Redirecting... Please wait.";
jumpTo("my_logs_testing.php",2);
}
//Free result & close connection.
mysql_free_result($login);
mysql_close($link);
}
}else{
}
?>
</p>
<table frame="box" bgcolor="" width="40%" border="0" cellpadding="6" align="center">
<tr>
<td colspan="2"><div align="center"><font color="#FFFFFF"><strong>Diving Advisor | Log In System</strong></font> </div> </tr>
<tr>
<td width="25%"><font color="#FFFFFF"><strong><label for="username2">Username:</label></strong></font></td>
<td width="75%" align="left"><input name="username" type="text" id="username" size="30" maxlength="20" /></td>
</tr>
<tr>
<td><font color="#FFFFFF"><label for="password"><strong>Password:</label></strong></font></td>
<td align="left"><input name="password" type="password" id="password" size="30" maxlength="20" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit_login" id="submit_login" value="Log In" /></td>
</tr>
</table>
</form>
This is the page with login restriction (works fine).
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
if( !isMember() ){
header("Location: login.php");
} else {
?>
<?php
if(mysql_connect('localhost', 'root','') && mysql_select_db('diving_advisor')){
echo "Welcome ".$current_user;
$errors = array();
if(isset($_POST['datepicker'],$_POST['location'],$_POST['description'])) {
cont.......................
And this is one of the the other pages which is not working (session variable seems to be lost! HERE IS THE PROBLEM!!!!
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
?>
Here is code from template.......................
Then the editable region....
<?php
echo $current_user;
?>
<p><strong>Heading 1</strong></p>
<p>This is the home page of the diving advisor application.
Lore......
echo $currentuser is printing nothing on the page. It is suppose to print the logged in user but for some reason it is not.
Please help cause i really do not know what is wrong!!
Tks in advance.
session_start();
Needs to be the first thing that is called on each page.
I am trying to create simple user registration form. I have an index.html file and a register.php file. When I click the submit button it goes to the register.php page, but nothing happens. There's no error or anything. I have some echo statements in register.php but they also don't work.
This is the code for index.html:
<form action="register.php" method="post">
<table width="384" border="1" align="center">
<? echo '<tr><td colspan="2">'.$final_report.'</td></tr>';?>
<tr>
<td width="50%">Username:</td>
<td width="50%"><label>
<input name="username" type="text" id="username" size="30" />
</label></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" value="" size="30" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" type="text" id="email" size="30" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="register" type="submit" id="register" value="Register" />
</label></td>
</tr>
</table>
</form>
This is code for register.php:
<?
include_once"config.php";
if(isset($_POST['register'])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("d-m-Y");
if($username == NULL OR $password == NULL OR $email == NULL){
$final_report.= "Please complete the form below..";
}else{
if(strlen($username) <= 3 || strlen($username) >= 30){
$final_report.="Your username must be between 3 and 30 characters..";
}else{
$check_members = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
if(mysql_num_rows($check_members) != 0){
$final_report.="The username is already in use!";
}else{
if(strlen($password) <= 6 || strlen($password) >= 12){
$final_report.="Your password must be between 6 and 12 digits and characters..";
}else{
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$final_report.="Your email address was not valid..";
}else{
$create_member = mysql_query("INSERT INTO `members` (`id`,`username`, `password`,`email`, `ip`, `date`)
VALUES('','$username','$password','$email','$memip','$date')");
$final_report.="Thank you for registering, you may login.";
}}}}}}
?>
Can anyone see the error?
include_once"config.php"
You seem to be missing a space. Either make it include_once "config.php" (notice the space in between) or include_once("config.php").
Also you set $final_report in register.php but I don't see where you are actually printing anything.
Edit: I see you are trying to print $final_report in index.php. This won't work as you expect unless you include the register.php code directly into index.html. Why don't you just have a single register.php file with both the registration script and the HTML code?