PHP - Login Link Not Working!

I'm making a login/sign up page and the following pieces are not working together properly. When I set up the login page following a guide, it had me direct input the structure and I added a user (password is encrypted). When I log in with that password/username, it passes authentication.php perfectly. When I use my signup form (signup.php is simply called by a button on an HTML), it fails saying "Incorrect Password!". I'd say it's failing because of encryption but it passes with my old login that is encrypted so I'm thoroughly lost.

Authentication.php

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'test';
$DATABASE_NAME = 'login';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
	// If there is an error with the connection, stop the script and display the error.
	die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
	// Could not get the data that should have been sent.
	die ('Please fill both the username and password field!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
	// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
	$stmt->bind_param('s', $_POST['username']);
	$stmt->execute();
	// Store the result so we can check if the account exists in the database.
	$stmt->store_result();
if ($stmt->num_rows > 0) {
	$stmt->bind_result($id, $password);
	$stmt->fetch();
	// Account exists, now we verify the password.
	// Note: remember to use password_hash in your registration file to store the hashed passwords.
	if (password_verify ($_POST['password'], $password)) {
		// Verification success! User has loggedin!
		// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
		session_regenerate_id();
		$_SESSION['loggedin'] = TRUE;
		$_SESSION['name'] = $_POST['username'];
		$_SESSION['id'] = $id;
		header('Location: dashboard.php');
	} else {
		echo 'Incorrect password!';
	}
} else {
	echo 'Incorrect username!';
}
	$stmt->close();
}
?>

 

Signup.php

<?php
 
// get database connection
include_once '../config/database.php';
 
// instantiate user object
include_once '../objects/user.php';
 
$database = new Database();
$db = $database->getConnection();
 
$user = new User($db);
 
// set user property values
$user->username = $_POST['uname'];
$user->password = base64_encode($_POST['password']);
$user->created = date('Y-m-d H:i:s');
 
// create the user
if($user->signup()){
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Signup!",
        "id" => $user->id,
        "username" => $user->username
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Username already exists!"
    );
}
print_r(json_encode($user_arr));
?>

 

login.php

<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/user.php';
 
// get database connection
$database = new Database();
$db = $database->getConnection();
 
// prepare user object
$user = new User($db);
// set ID property of user to be edited
$user->username = isset($_GET['username']) ? $_GET['username'] : die();
$user->password = base64_encode(isset($_GET['password']) ? $_GET['password'] : die());
// read the details of user to be edited
$stmt = $user->login();
if($stmt->rowCount() > 0){
    // get retrieved row
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // create array
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Login!",
        "id" => $row['id'],
        "username" => $row['username']
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Invalid Username or Password!",
    );
}
// make it json format
// print_r(json_encode($user_arr));
if (in_array("Successfully Login!", $user_arr)) { 

	header('Location: ../../dashboard.html');
}
?>

 

Hi, I made a login/register system and it was working fine, but now I seem to have broken it and I'm scratching my head as to why. I think it's something to do with the $_SESSION array, the error happens from going from the login.php page to members.php, I log in successfully, but when I get to the members page it says "you must be logged in".

index.php has the form to login or a link to register.php to make an account
Code: [Select]
<?php session_start(); ?>
<html>
<head>
<title>Lincs Crusade | Login page.</title>
</head>
<body>
<form action="login.php" method="POST">
Username:
<input type="text" name="username"><br />
Password:
<input type="password" name="password"><br />
<input type="submit" value="Login">
</form>
<a href="register.php">Click here to register!</a>
</body>
</html>

The register.php page
Code: [Select]
<?php
session_start();
echo "<h2>Register</h2>";
$submit = $_POST['submit'];
$username = strip_tags($_POST['username']); 
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$email = $_POST['email'];
$date = date("Y-m-d");

if ($submit) { 
if ($username&&$password&&$repeatpassword&&$email) {
if ($password==$repeatpassword) {
if (strlen($username)>65) { 
echo "Length of username is too long!"; 
} elseif (strlen($email)>100) { 
echo "Length of email is too long!";
} elseif (strlen($password)>65||strlen($password)<8) {
echo "Password must be between 8 and 65 characters long!"; 
} else {
include('functions.php'); 
echo "All fields were accepted! ";
$password = md5($password);
$repeatpassword = ($repeatpassword);
$email = md5($email);
connect(); 
mysql_query(" 
INSERT INTO users VALUES ('','$username','$password','$email','$date') 
") or die("Could not insert values into <em>users</em> table!");
mysql_query("
INSERT INTO stats VALUES ('$username',10,10,0,1)
") or die("Could not insert values into <em>stats</em> table!");
$_SESSION['username'] == $username;
die("You have been registered! Please return to <a href=\"index.php\">homepage</a> and login."); 
}
} else {
echo "Your passwords do not match!";
}
} else {
echo "Please fill in <em>all</em> fields!";
}
 
}
?>
<html>
<head>
<title>Lincs Crusade | Register an Account.</title>
</head>
<body>
<form action="register.php" method="POST">
<p>Your username:</p>
<p>Note: Do not use your real name.</p>
<input type="text" name="username" value="<?php echo $username ?>"/>=
<p>Choose a password:</p>

<input type="password" name="password" />
<p>Please repeat password:</p>
<input type="password" name="repeatpassword" />
<p>Your student email:</p>
<p>Note: This is only used for recovering a lost or forgotten password.</p>
<input type="text" name="email" /><br />
<input type="submit" value="Register" name="submit" />
<p>
Note: Your password and email are md5 encrypted. This means neither I (the author) or anyone else will be able to view your information<br />
in plain text. For example, your password or email will look something like this "534b44a19bf18d20b71ecc4eb77c572f" once it has been encrypted.
</p>
</form>
</body>
</html>

The login.php page that process the form data to access members.php page
Code: [Select]
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password) {
include('functions.php');
connect();
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query); 
if ($numrow!=0) { 
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&md5($password)==$dbpassword) { 
echo "You're in! - <a href=\"members.php\">Proceed to the members page</a>";
$_SESSION['username'] == $username; 
} else {
echo "Incorrect password!";
}
} else {
die ("That user doesn't exist,<a href=\"register.php\">please register an account</a>");
}
} else {
die("Please enter a username and password!");
} 
?>

The members.php page
Code: [Select]
<?php 
session_start();
?>
<html>
<head>
<title>Lincs Crusade | Members page.</title>
</head>
<body>
<?php
if ($_SESSION['username']) {
echo "Welcome," .$_SESSION['username']. "!<br />";
echo "<a href=\"stats.php\">View your stats.</a>";
} else {
die ("You must be logged in.");
}
?>
</body>
</html>

and this is what is in the functions.php file
Code: [Select]
<?php
function connect() {
    mysql_connect("localhost","root","password") or die ("Unable to connect");
mysql_select_db("database") or die ("Unable to find database");
}
?>

Thanks for your help.

I am totally new in PHP, can anyone help me with this problem:

Login Button is not working after clicking this button this should print a echo message.
 

<from action="" method="POST">

<input type="text" placeholder="username"> <br>

<input type="password" placeholder="Password"><br>

<input type="submit" name="login" value="Login"> 

</from> 

<?php if ( isset($_POST['login'])){

echo "hissssssssssssssssssss"; 

} 

?>

 

My Login Script is not working! Please someone help.  I am typing in the correct email and password!
Mysql Table
Table - Users
email varchar 100
password varchar 256

form
Code: [Select]

action/members.php
Code: [Select]
<?php
session_start();
include("../config.inc.php");
include("../classes/class.action.php");
if ($_POST['login'] && $_POST['*****'] == '*****') {
$info = array();
$info['email'] = $_POST['email'];
$info['password'] = hash("sha256", $_POST['password']);
if ($Action->Login($info)) {
$_SESSION['CPLoggedIn'] = $_POST['email'];
header("Location: ../index.php");
} else {
$Error[] = '- Please check you email and password!';
$_SESSION['CPErrors'] = $Error;
header("Location: ../index.php?action=LoginForm");
}
}
classes/class.actions.php
Code: [Select]
<?php
class Action {

var $Erros = array();

function Login($info) {
foreach ($info as $key => $val) {
if ($key = "password") {
$$val = mysql_real_escape_string($val);
$password = hash("sha256", $val);
$values[$key] = $password;
} else {
$values[$key] = mysql_real_escape_string($val);
}

}

$Sql = "SELECT * FROM Users WHERE email = '{$values['email']}' AND password = '{$values['password']}'";
$Query = mysql_query($Sql);
$Num = mysql_num_rows($Query);
if ($Num > 0) {
return true;
} else {
return false;
}
}
}
$Action = new Action;

My code does not have any errors.  However, when I test it, all it says is "you have entered an incorrect username and password.  But I can't even see the username and password text boxes to enter a username or password.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=348317.0

I am trying to create a remote login to one website using mine. The users will need to enter their username and password on my site, and if they are registered to my website, their login credentials will be sent to another website and a page will be retrieved. I am stuck at sending the users' data to the original site. The original site's viewsource is this..

<form method=post>
<input type="hidden" name="action" value="logon">
<table border=0>
<tr>
<td>Username:</td>
<td><input name="username" type="text" size=30></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" size=30></td>
</tr>
<td></td>
<td align="left"><input type=submit value="Sign In"></td>
</tr>
<tr>
<td align="center" colspan=2><font size=-1>Don't have an Account ?</font> <a href="?action=newuser"><font size=-1 color="#0000EE">Sign UP Now !</font></a></td>
</tr>
</table>

I have tried this code, but not works.

<?php
$username="username"; 
$password="password"; 
$url="http://www.example.com/index.php"; 

$postdata = "username=".$username."&password=".$password;

$ch = curl_init(); 
curl_setopt ($ch, CURLOPT_URL, $url); 
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); 
curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt ($ch, CURLOPT_REFERER, $url); 
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
curl_setopt ($ch, CURLOPT_POST, 1); 
$result = curl_exec ($ch); 
header('Location: track.html'); 
//echo $result;  
curl_close($ch);
?>

Any help would be appreciated, Thanks in advance.

I have a form on my website which actions login.php. The login.php code is below:

<?php
include('includes/classes.php.inc');
session_start();
$link = new BaseClass();
$data = $link->query("SELECT * FROM logins");
$pass_accepted = false;
if($_REQUEST['username'] && $_REQUEST['password']){
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
while($row = mysql_fetch_array($data)){
if(($row['username']==$useranme)&&($row['password']==$password){
echo 'Password correct!';
$_SESSION['loggedin']=true;
$pass_accepted = true;
} 
}
} else {
echo 'You did not enter a username or password!';
}
if(!$pass_accepted){ echo 'Your password is incorrect'; }
echo '<br>Please <a href="index.php">click here</a> to return to page'; 
?>

I have checked that my references are all correct however even when I enter the correct password it returns saying the password is incorrect. Any idea on why this could be? I am happy to answer any follow up questions.

Regards

Hello, for some reason I am unable to get the following code to work:

Code: [Select]
<?php
echo "<h1>Login</h1>";

if ($_SESSION['uid']) {
    echo "&nbsp; &nbsp; You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if (!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = addslashes(strip_tags(($_POST['username'])));
$pass = addslashes(strip_tags($_POST['password']));
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){

$query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'");
$row2 = mysql_fetch_assoc($query);
$locked = $row2['locked'];

$query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$active = $row3['active'];

$query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$email = $row3['email'];


if ($active ==1){

if ($locked == 0){

$date = date("j")."^{".date("S")."} ".date("F, Y");

mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'");

$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$previous = $_COOKIE['prev_url'];
echo "&nbsp; &nbsp; You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n";
}else
{
echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>.";
}
} else {
echo "You need to activate your account! Please check your email ($email)";
}
   }else {
                        echo "&nbsp; &nbsp; Username and password combination are incorrect!\n";
                    }
                }else {
                    echo "&nbsp; &nbsp; The username you supplied does not exist!\n";
                }
            }else {
                echo "&nbsp; &nbsp; You must supply both the username and password field!\n";
            }
}

}
?>
It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add.

Thanks,
Cameron

I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection):

$id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'";

$realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena];

$func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];

//Login if(!empty($username)) { // Check the email with database
$userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1"); $userexists->bindParam(':username', $username); $userexists->execute(); // Get the result $userexistsres = $userexists->fetchColumn(); // Check if result is greater than 0 - user exist if( $userexistsres == 1) { if ($bloqueado == NO) { if ($password != $realpass) { die("contrasena incorrecta"); } Else{ $_SESSION['loguin']="OK"; $_SESSION['username']="$username"; header("Location: ./index.php"); } } Else{ die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. } Else{ die("No hay ninguna cuenta con este nombre de usuario"); } } else { echo 'El campo usuario esta vacio'; } ?>

Hi all

I have a page which has the following link on it:

<a href="view-listings.php?live&id=<?php echo $showlistings['id'] ?>" title="Click here to make this listing live"><img src="../images/not-live.gif" width="20" title="Click here to make this listing live" alt="Click here to make this listing live" /></a>

Which runs this part of the script:

if (isset($_GET['live'])) {
$liveid = $_GET['id'];
   mysql_query("UPDATE `listings` SET live = 1 WHERE id = '".$liveid."'");
   header ("Location: view-listings.php");
}

Which works great on Safari but it says "Page cannot be displayed" on a PC running Internet Explorer 8?

Please help!

Pete

This link is driving me crazy

<a id ="savepdf" href="invoice.php?invoice_id=<?=$invoiceID?>"value="Save This Invoice"><button class="block" id ="printbtn" onclick="myFunction()";>Save Invoice</button></a>

 

when a user selects this link it works ok saves a pdf file to a folder on server.

i want to relocate after link submitted.

If i use this link it does redirect but does not save the pdf file to folder on server

<a id ="savepdf" href="invoice.php?invoice_id=<?=$invoiceID?>"value="Save This Invoice" onclick="window.location.href='mypage.php'; ;return false;"><button class="block" id ="printbtn" onclick="myFunction()";>Save Invoice</button></a>

I have to make a calendar which can go back & forth between years and months. when you click on the month it is supposed to show the calendar of that month and the year you clicked.

you can view the site where i can put the php.
http://helios.ite.gmu.edu/~easad/lab7.php

Thanks a bunch!

Code: [Select]

 
 if ($_GET["year"]=="")
{
$year=date("Y");
$previousYear = $year-1;
$nextYear = $year+1;
}
else
{
$year=$_GET["year"];
$previousYear = $year-1;
$nextYear = $year+1;

}

 if ($_GET["month"]=="")
{
$month=date("n");

}
else
{
$month=$_GET["month"];


}

The link in the email is showing up as plain text and not as a link.  How do I fix this?

if($notify === true)
   {
      $sender = fetch_user_info(fetch_username_by_id ($user_info['uid']));
      $receiver = fetch_user_info(fetch_username_by_id ($uid));
      
      $sender['displayName']       = ucwords("{$sender['firstname']} {$sender['lastname']}");
      $receiver['displayName']   = ucwords("{$receiver['firstname']} {$receiver['lastname']}");
      
      $body = "<table>Hi ${receiver['firstname']},\n
      \n
      <a href=\"http://mysite.com/u/{$sender['username']}\" title=\"Go to {$sender['displayName']}'s profile\">{$sender['displayName']}</a> would like to be.\n
      Please sign in to .\n
      \n
      The who</table>";
   
   mail($receiver['email'], 'fssd', $body, 'From: noreply@site.com');
   // return $sender;
   }

Hi, I have a directory page the displays all names beginning with B across 3 columns, that part works fine but when I try to add a link on each of the results the link doesn't work. It's not picking up the $id or $name variables for some reason, can anyone tell me why this is? Any help would be very much appreciated.

Code: [Select]
<?php
$data = mysql_query("SELECT id, name FROM new WHERE name LIKE 'B%' ORDER by name ASC LIMIT 30");
$prev_row ='';

echo '<table width="690px">';
while($info = mysql_fetch_array( $data )) {

$letter = strtoupper(substr($info['name'],0,1));
if ($letter != $prev_row) {

if($count % 3) {

for ($i = ($count % 3); $i < 3; $i++) echo '<td>&nbsp;</td>';
echo '</tr>';
$count =0;

}
$prev_row = $letter;

echo '<tr><td class="directory-letter" colspan="3">',$letter,'</td></tr>';
}
$id = $row['id'];
$name = $row['name'];
if ($count % 3 == 0) echo '<ul><tr>';
$count++;
echo '<td width="230px"><li class="directory-store-name"><a href="directory/name.php?id=$id" title="$name" />', $info['name'],"</li></td>\n";
if ($count % 3 == 0) echo '</tr></ul>';
}
if($count % 3) {
for ($i = ($count % 3); $i < 3; $i++) echo '<td>&nbsp;</td>';
echo '</tr>';
}
echo '</table>';
?>