0

I am trying to make a login page. I've a database in which i have created a table named users, there are 2 fields which are need to be checked for login which are "username" & "password"..

Whenever user logs into the page & if the name is present in the table than it should log in else it should not and give error.
But 1 more error occurs in my code that when i use isset function to check my textfields it always returns me the string which is echoed in the else statement. (i.e "Something is wrong") which will be shown in the code below.

<!DOCTYPE html>
<?php

$hostname = "localhost";
$username = "root";
$password = "";

$db_connect = mysqli_connect($hostname, $username, $password);

if (!$db_connect){
    die("Database Connection Failed: " . mysql_error());
    }

$db_select = mysqli_select_db($db_connect,"hamdard_attendance");
if (!$db_select){
    die("Database Selection Failed: " . mysql_error());
    }

?>
<html>
<head>
<title>Quality Management Cell</title>
    <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7; IE=EmulateIE9">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no"/>
    <link rel="stylesheet" type="text/css" href="style.css" media="all" />
    <link rel="stylesheet" type="text/css" href="demo.css" media="all" />
</head>
<body>

<?php


    if(isset($_POST['name'])){
    $name=$_POST['name'];
    }
    else {
    echo "Something is wrong";
    }
    if(isset($_POST['email'])){
    $mail=$_POST['email'];
    }
    else {
    echo "Something is wrong";
    }
    if(isset($_POST['username'])){
    $user_name=$_POST['username'];
    }
    else {
    echo "Something is wrong";
    }
    if(isset($_POST['password'])){
        $user_password=$_POST['password'];
        }
    else {
        echo "Something is Wrong";
        }
    if(isset($_POST['phone'])){
        $phone_no = $_POST['phone'];
        }
    else {
        echo "Something is Wrong";
        }


$db_query = mysqli_query($db_connect, "INSERT INTO users(name, email, user_name, user_pass, contact_number)VALUES('". $name.  "','".$mail."', '".$user_name."','".$user_password."','". $phone_no."')");


if(!$db_query){
    die("Database Query Failed: " . mysql_error());
    }
?>

<div class="container">
            <!-- freshdesignweb top bar -->
            <div class="freshdesignweb-top">
                <a href="http://www.freshdesignweb.com" target="_blank">Home</a>
                <span class="right">
                    <a href="http://www.freshdesignweb.com/beautiful-registration-form-with-html5-and-css3.html">
                        <strong>Back to Login Page</strong>
                    </a>
                </span>
                <div class="clr"></div>
            </div><!--/ freshdesignweb top bar -->
            <header>
                <h1><span>Hamdard Institute of Information Technology</span> Quality Management Cell Registration</h1>
            </header>       
      <div  class="form">
            <form id="contactform" method="post" action="index.php"> 
                <p class="contact"><label for="name">Name</label></p> 
                <input id="name" name="name" value="name" placeholder="First and last name" required tabindex="1" type="text"> 

                <p class="contact"><label for="email">Email</label></p> 
                <input id="email" name="email" placeholder="example@domain.com" required type="email"> 

                <p class="contact"><label for="username">Create a username</label></p> 
                <input id="username" name="username" placeholder="username" required tabindex="2" type="text"> 

                <p class="contact"><label for="password">Create a password</label></p> 
                <input type="password" id="password" name="password" required> 
                <p class="contact"><label for="repassword">Confirm your password</label></p> 
                <input type="password" id="repassword" name="repassword" required> 

               <fieldset>
                 <label>Birthday</label>
                  <label class="month"> 
                  <select class="select-style" name="BirthMonth">
                  <option value="">Month</option>
                  <option  value="01">January</option>
                  <option value="02">February</option>
                  <option value="03" >March</option>
                  <option value="04">April</option>
                  <option value="05">May</option>
                  <option value="06">June</option>
                  <option value="07">July</option>
                  <option value="08">August</option>
                  <option value="09">September</option>
                  <option value="10">October</option>
                  <option value="11">November</option>
                  <option value="12" >December</option>
                  </label>
                 </select>    
                <label>Day<input class="birthday" maxlength="2" name="BirthDay"  placeholder="Day" required></label>
                <label>Year <input class="birthyear" maxlength="4" name="BirthYear" placeholder="Year" required></label>
              </fieldset>

            <select class="select-style gender" name="gender">
            <option value="select">i am..</option>
            <option value="m">Male</option>
            <option value="f">Female</option>
            <option value="others">Other</option>
            </select><br><br>

            <p class="contact"><label for="phone">Mobile phone</label></p> 
            <input id="phone" name="phone" placeholder="phone number" required type="text"> <br>
            <input class="buttom" name="submit" id="submit" tabindex="5" value="Register" type="submit">      
   </form> 
</div>      
</div>

</body>
</html>
<?php
mysqli_close($db_connect);
?>

Kindly help me out in removing this error & kindly tell me that is this code correct for the login scenario which i have explained?

3
Contributors
7
Replies
27
Views
3 Years
Discussion Span
Last Post by engrjd91
0

Here's a slightly cleaned up version... not tested

<?php
//CHECK FOR FORM SUBMISSION
if(!empty($_POST))
{
    //MYSQLi CONNECTION DETAILS - All this could go into an include file above the public root
    $hostname = "localhost";
    $username = "root";
    $password = "";
    $db = "hamdard_attendance";

    //CHECK INDIVIDUAL FORM ITEMS
    $errors = array();
    $checkRequiredPost = array('name','email','username','password','phone');
    $post = array_map("trim", $_POST);

    foreach($checkRequiredPost as $item) if(empty(trim($post[$item]))) $errors[] = strtoupper($item) . ' is missing';

    //The above should include robust checking on all fields, e.g. alphanumerics on some, pw lengths etc
    //This example is particularly weak - for example a DB check for duplicate username should be included
    //ALso there's nothing here for repassword for some unknow reason
    //You also forget to hash the password - DO NOT store passwords as plaintext!!


    //RUN SQL if all fields pass validation - assume $post['password'] has been hashed securely NOT md5 / sha1
    if(empty($errors))
    {
        $mysqli = new mysqli($hostname, $username, $password, $db);

        /* check connection */
        if (mysqli_connect_errno()) 
        {
            //for development site
            printf("Connect failed: %s\n", mysqli_connect_error());
            exit();
        }

        if ($stmt = $mysqli->prepare("INSERT INTO users (name, email, user_name, user_pass, contact_number) VALUES (?,?,?,?,?)")) 
        {
            $stmt->bind_param("sssss", $post['name'], $post['email'], $post['username'], $post['password'], $post['phone']);
            $stmt->execute();
            $stmt->close();
            if(!$mysqli->affected_rows)
            {
                print("Record could not be inserted"); // or save till later
            }
        }
        $mysqli->close();   
    }
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Quality Management Cell</title>
    <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7; IE=EmulateIE9">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no"/>
    <link rel="stylesheet" type="text/css" href="style.css" media="all" />
    <link rel="stylesheet" type="text/css" href="demo.css" media="all" />
</head>
<body>
<div class="container">
            <!-- freshdesignweb top bar -->
            <div class="freshdesignweb-top">
                <a href="http://www.freshdesignweb.com" target="_blank">Home</a>
                <span class="right">
                    <a href="http://www.freshdesignweb.com/beautiful-registration-form-with-html5-and-css3.html">
                        <strong>Back to Login Page</strong>
                    </a>
                </span>
                <div class="clr"></div>
            </div><!--/ freshdesignweb top bar -->
            <header>
                <h1><span>Hamdard Institute of Information Technology</span> Quality Management Cell Registration</h1>
            </header>       
      <div  class="form">
            <form id="contactform" method="post" action="index.php"> 
                <p class="contact"><label for="name">Name</label></p> 
                <input id="name" name="name" value="name" placeholder="First and last name" required tabindex="1" type="text"> 
                <p class="contact"><label for="email">Email</label></p> 
                <input id="email" name="email" placeholder="example@domain.com" required type="email"> 
                <p class="contact"><label for="username">Create a username</label></p> 
                <input id="username" name="username" placeholder="username" required tabindex="2" type="text"> 
                <p class="contact"><label for="password">Create a password</label></p> 
                <input type="password" id="password" name="password" required> 
                <p class="contact"><label for="repassword">Confirm your password</label></p> 
                <input type="password" id="repassword" name="repassword" required> 
               <fieldset>
                 <label>Birthday</label>
                  <label class="month"> 
                  <select class="select-style" name="BirthMonth">
                  <option value="">Month</option>
                  <option  value="01">January</option>
                  <option value="02">February</option>
                  <option value="03" >March</option>
                  <option value="04">April</option>
                  <option value="05">May</option>
                  <option value="06">June</option>
                  <option value="07">July</option>
                  <option value="08">August</option>
                  <option value="09">September</option>
                  <option value="10">October</option>
                  <option value="11">November</option>
                  <option value="12" >December</option>
                  </label>
                 </select>    
                <label>Day<input class="birthday" maxlength="2" name="BirthDay"  placeholder="Day" required></label>
                <label>Year <input class="birthyear" maxlength="4" name="BirthYear" placeholder="Year" required></label>
              </fieldset>
            <select class="select-style gender" name="gender">
            <option value="select">i am..</option>
            <option value="m">Male</option>
            <option value="f">Female</option>
            <option value="others">Other</option>
            </select><br><br>
            <p class="contact"><label for="phone">Mobile phone</label></p> 
            <input id="phone" name="phone" placeholder="phone number" required type="text"> <br>
            <input class="buttom" name="submit" id="submit" tabindex="5" value="Register" type="submit">      
   </form> 
</div>      
</div>
</body>
</html>
1

I'm a little confused as to why you want so much information to log someone in. Do you mean register?

You say you get 1 extra error? So this doesn't happen for every textfield? This is only happening for one?

My advice would be to change the else statements to echo something more specific to that field ie:

if( isset( $_POST['name'] ) ) {
    $name = $_POST['name'];
} else {
    echo '<div class="alert alert-danger">&quot;Name&quot; has not been completed!</div>';
}

That way you should be able to see which field is causing the problem and from that likely find a "name=" attribute that doesnt match up with a "$_POST['" variable.

Hope this helps and let me know how you get on.

0

Josh. i am getting this error in each and every field which is passed on with $_POST... .

1

Josh is correct - this is incompletely implemented registration NOT login. BTW - did you try the code I supplied?

Edited by diafol

0

yeah i tried.. its giving me the error in every field.
& why you have used the word "incompletely implemented" in this registration form? Does it require more options? or some kind of privileges?

0

OK, after line 14:

$post = array_map("trim", $_POST);

Place this:

print_r($post);

See what it gives.

Anyway incompletely - yes - as I've noted in the comments in my code. No validation for passwords or existing usernames or previous registration by the same user (e.g. email check).

0

Okay Diafol. Thanks alot! Your code helped me alot. I will be focusing on the privileges that you have discussed and will be in touch with you buddy!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.