PHP - After Successful Login...what Next?

So, I have a script that works downloading a file - excerpt below:

Code: [Select]
header("Pragma: public");
header("Expires: 0");
header('Content-type: "application/octet-stream"');
header("Cache-Control: private",false);
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
$f = "Content-Disposition: attachment; filename=\"".$myfile['downloadname'].".".$myfile['ext']."\"";
header($f);
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($file));
    ob_clean();
    flush();
readfile("$file");
exit();
I record elsewhere in a mysql database when the script is started.

In addition, I'd like to be able to record whether the download completes (successfully or otherwise). 

As it is, the script can run and the user press cancel and it looks like a download but isn't.

Is this possible?  If so, how?

Your help, as ever, gratefully received.

I have a function to writes data I want to make sure it was successful.

my function:
Code: [Select]
function save_ini_file($filename,$content)
{
$File = "ini_files/". $filename . ".ini";

echo $File;
$Handle = fopen($File, 'w');
$info = $content;
fwrite($Handle, $info);
fclose($Handle);

  return true;
}
the if statement that calls the function.
Code: [Select]
if(!save_ini_file($serial,$data))
{
echo "did not write";
}else{
echo "did write";
}

the file is being created but I am getting the "did not write" echoed

Hello,

I'm trying to store the match I get in $result to a variable so that I can easily compare its other values against other values. Here is my code..

//loop through new orders array
foreach ( $orders as $order ) {
	
	//compare job number and line item against database information for a match
	if ( array_search ( $order[ 'job_number' ], array_column ( $result, 'job_number' ) ) !== false && array_search ( $order[ 'line_item' ], array_column ( $result, 'line_item' ) ) !== false ) {
		
		$db_match = key($result);
		
		echo '<br><br>'.$db_match.'<br><br>';
		
		echo 'Job: ' . $order['job_number'] . '/Line Item: ' . $order['line_item'] . ' was found<br>';
	
	//new order which doesn't exist in database
	} else {
		echo 'Job: ' . $order['job_number'] . '/Line Item: ' . $order['line_item'] . ' was not found<br>';
	}
}

When I do $db_match = key($result); I get 0 each time and when I do: 

$db_match = array_search ( $order[ 'job_number' ], array_column ( $result, 'job_number' ) ) !== false && array_search ( $order[ 'line_item' ], array_column ( $result, 'line_item' ) ) !== false;

I get 1 each time...which I assume is the number of matches which meet that criteria instead of the array key I found a match on.

Edited May 8, 2020 by mongoose00318

Not sure exactly what my problem is here, but i have looked at this at least a hundred times and I just can't figure out what is going on.  Everything works great except for the sending the email part.  It displays the error "There was a problem sending the mail".  The form field checking works fine, the insert into mysql works fine - - but it won't send the email.  I have tried using double quotes and single quotes for the email information ($to, $subject, etc...) I have even eliminated the form data from the email information and it still doesn't send.  I am hopelessly stuck at this point     Any ideas??  Code below:

<html>
<body bgcolor = 'blue'>
<div align = 'center'>
<h1>test FORM</h1>
</div>
<p>
<?php

If ($_POST['submit']) //if the Submit button pressed
{
//collect form data

$fname = $_POST['FName'];
$lname = $_POST['LName'];
$email = $_POST['Email'];
$tel = $_POST['Tel'];
$mess = $_POST['Mess'];


$errorstring = "";

if (!$fname)
$errorstring = $errorstring."First Name<br>";
if (!$lname)
$errorstring = $errorstring."Last Name<br>";
if (!$email)
$errorstring = $errorstring."Email<br>";

if ($errorstring !="")
echo "<div align = 'center'><b>Please fill out the following fields:</b><br><font color = 'red'><b>$errorstring</b></font></div>";
else
{

$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$email = mysql_real_escape_string($email);
$tel = mysql_real_escape_string($tel);
$mess = mysql_real_escape_string($mess);

$con = mysql_connect("localhost","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("mec", $con);

$sql="INSERT INTO formtest (FName, LName, Title, Tel, Email, Mess)
VALUES ('$fname','$lname','$title','$tel','$email','$mess')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$to = 'myemailaddress';
$subject = 'test form';
$message = 'Hello';
$headers = 'From Me';
$sent = mail($to, $subject, $message, $headers);
if($sent)
{print "Email successfully sent";}
else
{print "There was an error sending the mail";}

mysql_close($con);

}


}

?>
<p>
<form action= 'testmecform.php' method= 'POST'>

                  
  <table width = '640' border = '0' align = 'center'>
    <tr> 
      <td align = 'right'><b>First Name</b></td>
      <td><input type = 'text' name = 'FName' value = '<?php echo $fname; ?>' size = '25'></td>
      <td><div align = 'right'><b>Telephone</b></div></td>
      <td><input type = 'text' name = 'Tel'  value = '<?php echo $tel; ?>' size = '25'></td>
    </tr>
    <tr> 
      <td align = 'right'><b>Last Name</b></td>
      <td><input type = 'text' name = 'LName' value = '<?php echo $lname; ?>' size = '25'></td>
  <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td align = 'right'><b>Email</b></td>
      <td><input type = 'text' name = 'Email'  value = '<?php echo $email; ?>' size = '25'></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <th colspan = '4'><b>Please enter any additional information he </b></th>
    </tr>
    <tr> 
      <th colspan = '4'><textarea name = 'Mess' cols = '50' rows = '10'><?php echo $mess; ?></textarea></th>
    </tr>
    <tr> 
      <th colspan = '4'><b>Please make sure all information is correct before submitting</b></th>
    </tr>
    <tr> 
      <th colspan = '4'><input type = 'submit' name = 'submit' value = 'Submit Form'></th>
    </tr>
  </table>
</form>
</body>
</html>

I have a page that functions like this:   The user begins by loading ajaxtest.php, then using a drop-down menu, selects a user, after which a DIV on ajaxtest.php is populated with the user's selction to getuser.php?q=John%Doe   Here's a visual representation of what is currently happening, along with the part I don't understand.   getuser.php consists largely of a a large HTML table which interacts through PHP with my SQL database.  Several of the fields in this table are editable, and after the user changes one of these fields, he can press an "update" button, which calls an AJAX script in update.js and runs update.php, which contains all my SQL queries to update the database, without the user being redirected to this update.php page. All of this is processing perfectly - the user makes some sort of edit, hits "update", and the database gets updated without any redirection or refresh.   Here's what I can't figure out though.  Once the user makes a change, and hits "update," the database updates, but the end user doesn't see those changes that he made.  I can't just do a simple page refresh, because the action is taking place on getuser.php, but getuser.php is loaded inside of a #DIV on ajaxtest.php.  If I use something like window.location.reload(), this just refreshes ajaxtest.php and puts the user back to the starting point of having to select a user.  This is not what I want.  I don't want to refresh ajaxtest.php, I want to "refresh" ajaxtest.php with getuser.php?q=John%Doe insidethe DIV on ajaxtest.php.   It seems like this is very common - several forums have this capability, where a user has a page loaded, adds a comment, and sees that comment immediately without a full page refresh.  I just don't know how to do it, and I've tried at lengths to search the web for an answer with no luck.   Can someone walk me through how to do this?

hi

i need help an idea how can i separate members from admins
since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 )   (its session login form only that i made it work other tutorials wre too old or something)
how what i want to do is separate members and admins because admin need more rights to do
now i have idea but dont know will it work like that
what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work?
and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag?

Hello guys,

Is there on web any updated tutorial on how can I add Facebook login on my simple php login script?

Hi guys.

What I want to create is really complicated. Well I have a login system that works with post on an external website.
I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users.
What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login".
 If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry".

So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login.

Any idea??

Thanks

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

How to add the ability to login with username or email for login?

 

<?php 
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
	header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
	if ($row = mysqli_fetch_array($result)) {
		$_SESSION['user_id'] = $row['uid'];
		$_SESSION['user_name'] = $row['user'];	
		$_SESSION['user_email'] = $row['email'];		
		header("Location: ../dashboard");
	} else {
		$error_message = "Incorrect Email or Password!!!";
	}
}
?>

 

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Hi Please comment on my attempt to create a PHP Login system. (Criticism is cool with me)

Assuming all mySQL queries has been sanitized

Registration
The user's Username and password gets stored in a "User" table.
Username is not encrypted but the password is encrypted.

Login
index.php
The index page holds the HTML Login form.

home.php
Gets the username and password variable from the form in index.php my use of $_POST

a mySQL query runs , (SELECT Username , Password  FROM users WHERE Username = '$Username' and Password = '$Password')
If a result was returned then start a session ,
get the session ID
encrypt the session id and store it into a variable

get the username from $_POST
encrypt the username and store it in variable.

then encrypt ($Username + $Password) and store this valie in a cookie lets call it UUID= encrypt ($Username + $Password,'Whate ever seed i want to use')
store the Username into a cookie.

this all happens in a function.
So on all other pages i would call authenticateme($Username,$Password) which will return
"5474575687568DSGSDFH76dFNGF>LJK" when true and when false it will return
"JFGNXOP{{O&^*%^zsfsd<<"

if (authenticateme($Username,$Password)=='5474575687568DSGSDFH76dFNGF>LJK')
{
//Authenticated Code here
}
else
{
//Not authenticated code here
}

Next time the user goes to index.php it will first check if the user has logged in or not by taking
the current encrypted session id & username from the cookie encrypt it all together.

Then match the result of the encrypted value to the saved cookie UUID, if they match it means its the same user.

then redirect to home.php else show the login  form

Safe or not save ?

Here is my code for the login script. Everything works perfectly, but everytime I enter everything CORRECTLY into the forum, it says "The username, ____, and password do not match!". When they do match.
If I leave the areas blank, they say "You must enter a username!" or "You must enter a password!".
All the error messages work good, but whenever I fill the form in correctly, it displays my first error message "The username, ____, and password do not match!".
Does anyone see what's wrong with it?

Code: [Select]
<?php
session_start();
include("config.php");

$username = $_POST['username'];
$usernamefinal = ucfirst(strtolower($username));
$password = $_POST['password'];

if (isset($_POST['submit']))
{
if(!empty($username))
{
if (!empty($password))
{
$sql = "SELECT username FROM members WHERE username='$usernamefinal'";
$result = mysqli_query($cxn, $sql) or die("Query died: username");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$sql = "SELECT username, password FROM members WHERE username='$usernamefinal' AND password=md5('$password')";
$result = mysqli_query($cxn, $sql) or die("Query died: username and password");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$sql = "SELECT userid FROM members WHERE username='$usernamefinal'";
$result = mysqli_query($cxn, $sql) or die("Query died: userid");
$row = mysqli_fetch_array($result);
$userid = $row['userid'];

$_SESSION['auth'] = "yes";
$_SESSION['username'] = $usernamefinal;
$_SESSION['userid'] = $userid;
$ipadd = $_SERVER['REMOTE_ADDR'];
$sql2 = "INSERT INTO login (userid, username, logintime, ipadd) VALUES ('$userid', '$usernamefinal', NOW(), inet_aton('$ipadd'))";
mysqli_query($cxn, $sql2) or die("Query died: login session");
header("Location: news.php");
}
else
{
$error = "The username, $usernamefinal, and password do not match!";
}
}
else
{
$error = "That username doesn't exist!";
}
}
else
{
$error = "You must enter a password!";
}
}
else
{
$error = "You must enter a username!";
}
}
?>

<?php include("header.php"); ?>

<h1>Login Form</h1>
<?php echo $error; ?>
<form action="<?php echo $_SERVER['SCRIPT_NAME'] ?>" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>

<?php include("footer.php"); ?>

Hi Guys, Im new here, Can someone please help me and tell me why my PHP code isn't working :/


<?php
session_start();
$sql = mysql_connect('localhost', 'putwriter_login', 'MyPassHere');

if(!$sql){

die(mysql_error());
}
mysql_select_db('putwriter_college');


$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['password']);


$sqlSel = mysql_query("SELECT * FROM `putwriter_college`.`Login` WHERE `EmailAddress`=$user AND `Password`=$pass LIMIT 1;");
while($row = mysql_fetch_assoc($sqlSel)){

echo 'Im probably not here';

if(($row['EmailAddress'] == $user) && ($row['Password'] == $pass)){

$_SESSION['loggedIn'] = md5('someSessId');

echo "<meta http-equiv='refresh' content='2;url=./home.php'>";

}else{

die('FAIL');

}
}

?>


This is what I get :
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/putwriter/domains/putwriter.co.uk/public_html/login.php on line 16