Mlaaa

Everything posted by Mlaaa

  1. ```php
     <?php
     // date("H") returns the hour in 24-hour format, e.g. 20 for 20:00
     $t = date("H");

     // if the hour $t is less than 20 (00:00 - 19:59), display "Have a good day."
     if ($t < "20") {
         // display this message until 20:00
         echo "Have a good day.";
     } else {
         // time is now 20:00 or later
         echo "Have a good night.";
     }
     ?>
     ```
  2. Are u using

     ```php
     error_reporting(E_ALL);
     ini_set('display_errors', 1); // show the reported errors in the output
     var_dump($_COOKIE);
     ```

     And I think that u need to check if user is logged in (if cookie exists) before u try to login.
  3. First of all u don't have name="" in your input fields, which is used for $_POST['name']; it needs to be like this.

     Login form:

     ```html
     <form action="login.php" method="POST">
         <input type="text" name="Username" class="inputvalues" placeholder="Username" required/><br>
         <input type="password" name="Password" class="inputvalues" placeholder="Password" required/><br>
         <input type="submit" name="submit" id="login_btn" value="Login"/>
     </form>
     ```

     Register form:

     ```html
     <form action="register.php" method="POST">
         <input type="text" name="Username" class="inputvalues" placeholder="Username" required/><br>
         <input type="password" name="Password" class="inputvalues" placeholder="Password" required/><br>
         <input type="submit" name="submit" id="login_btn" value="Register"/>
     </form>
     ```

     Second thing, u need a proper connection to database, mysqli or PDO with prepared statements. "mysql is deprecated DON'T USE IT !" Also don't use md5(), it's not safe for decryption; use password_hash() and password_verify() for storing passwords: http://php.net/manual/en/ref.password.php

     This is a config file with error_reporting() and proper connection.

     conf.php

     ```php
     <?php
     // turn on error reporting
     error_reporting(E_ALL);
     ini_set("display_errors", 1);

     $db_host = 'localhost'; // your host name
     $db_user = 'root';      // your database username
     $db_pass = '';          // your database password
     $db_name = 'web';       // your database name

     // mysqli connection
     $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

     // test connection
     if (!$conn) {
         echo "Error: Unable to connect to MySQL." . mysqli_connect_error();
         exit();
     }
     ?>
     ```

     login.php

     ```php
     <?php
     // include your config file
     include_once 'conf.php';

     // start the session so $_SESSION can be used
     session_start();

     // check if submit button is pressed
     if (isset($_POST['submit'])) {
         // check if your fields username and password are set
         if (isset($_POST['Username']) && isset($_POST['Password'])) {
             // grab data from your form inputs $_POST['Username'] and $_POST['Password']
             // prevent mysql injection
             $Username = mysqli_real_escape_string($conn, $_POST['Username']);
             $Password = $_POST['Password'];

             // make query to fetch the user; the password is checked against the stored hash below
             $query = "SELECT * FROM users WHERE Username = '$Username'";
             // run query
             $query_run = mysqli_query($conn, $query);
             // fetch data from query
             $row = mysqli_fetch_array($query_run);

             // check that the username was found and that the password matches its password_hash() value
             if ($row && password_verify($Password, $row['Password'])) {
                 $_SESSION['Username'] = $Username;
             } else {
                 echo "Invalid username or password.";
             }
         }
     }
     ?>
     ```

     register.php

     ```php
     <?php
     // include your config file
     include_once 'conf.php';

     // check if submit button is pressed
     if (isset($_POST['submit'])) {
         // check if your fields username and password are set
         if (isset($_POST['Username']) && isset($_POST['Password'])) {
             // grab data from your form inputs $_POST['Username'] and $_POST['Password']
             // prevent mysql injection
             $Username = mysqli_real_escape_string($conn, $_POST['Username']);
             // hash the password with password_hash() instead of md5();
             // the Password column should be VARCHAR(255) to hold the hash
             $Password_hash = mysqli_real_escape_string($conn, password_hash($_POST['Password'], PASSWORD_DEFAULT));

             // make query to check that username doesn't exist, prevent duplicate usernames
             $query = "SELECT * FROM users WHERE Username = '$Username'";
             // run query
             $query_run = mysqli_query($conn, $query);
             // fetch data from query
             $row = mysqli_fetch_array($query_run);

             // if username exists give a message
             if ($row) {
                 echo "Username already in use, please choose another one.";
             } else {
                 // if user doesn't exist let's put him into database
                 $reg = "INSERT INTO users (Username, Password) VALUES ('$Username', '$Password_hash')";
                 // run query
                 $reg_user = mysqli_query($conn, $reg);

                 // check if our user is inserted into database
                 if (mysqli_insert_id($conn)) {
                     echo "Thank u for registering, u can now <a href=\"login.php\">Login</a>";
                     // close connection
                     mysqli_close($conn);
                 } else {
                     echo "User fail to register, please try again.";
                 }
             }
         }
     }
     ?>
     ```
  4. U thinking clearly, if I select username from database it will give me all information about this user as I need, and what I need is to check if that password is valid for that username from query. So your code need to be valid. I try to login with all combination and it only login me with right username and password. So this works. Thanks guys.
  5. I try this, and it works, if u enter valid username it wont login, if u enter valid password and invalid username it wont login. But if I leave WHERE korisnicko_ime = :username AND lozinka = :password this don't works.

     ```php
     $stmt = $dbh->prepare("SELECT * FROM administrator WHERE korisnicko_ime = :username");
     $stmt->bindParam(':username', $username);
     $stmt->execute();
     $p = $stmt->fetch();

     if (password_verify($password, $p['lozinka']) && $p['korisnicko_ime'] == $username) {
         $_SESSION['laa'] = $username;
         header('Location: index.php');
         exit();
     }
     ```
  6. Thanks, I used it like this and now works, also problem was in $p['password'] instead of $p['lozinka'] and same for username/korisnicko ime.

     ```php
     $stmt = $dbh->prepare("SELECT * FROM administrator WHERE korisnicko_ime = :username");
     $stmt->bindParam(':username', $username);
     $stmt->execute();
     $p = $stmt->fetch();

     if (password_verify($password, $p['lozinka']) || $p['korisnicko_ime'] == $username) {
         $_SESSION['laa'] = $username;
         header('Location: index.php');
         exit();
     }
     ```
  7. So I need first query to get the password from the database that I can check it with entered password? Then another query to check if username and password match?
  8. Hi, I have problem with login script. Problem is that I cant login using my username and password. Password I entered in database was with password_hash('admin', PASSWORD_DEFAULT); Here is a code

     ```php
     <?php
     include 'config.php';

     if (isset($_SESSION['laa'])) {
         die('U already logged in. <a href="index.php">Home</a>');
     }

     if (isset($_POST['login'])) {
         if (isset($_POST['username']) && isset($_POST['password'])) {
             $username = strip_tags($_POST['username']);
             $password = strip_tags($_POST['password']);

             if (empty($username) || empty($password)) {
                 $error = 'Please enter username and password.';
             } else {
                 //$password = password_verify($password, PASSWORD_DEFAULT);
                 $stmt = $dbh->prepare("SELECT * FROM administrator WHERE korisnicko_ime = :username AND lozinka = :password");
                 $stmt->bindParam(':username', $username);
                 $stmt->bindParam(':password', $password);
                 $stmt->execute();
                 $p = $stmt->fetch();

                 //password_verify($password, $data['password']))
                 if ($p['username'] == $username || $p['password'] == $password) {
                     $_SESSION['laa'] = $username;
                     header('Location: index.php');
                     exit();
                 } else {
                     $error = 'Invalid username or password.';
                 }
             }
         } else {
             $error = 'Please enter username and password.';
         }
     }
     ?>
     <center>
         <div style="display:block; margin-top: 10%;">
             <p><?php if(!empty($error)) { echo $error; } ?></p>
             <form action="login.php" method="post">
                 <p>Username : <input type="text" name="username"></p>
                 <p>Password : <input type="password" name="password"></p>
                 <p><input type="submit" name="login" value="Login"></p>
             </form>
         </div>
     </center>
     ```
  9. So what u can suggest to me, how do I escape data before I insert them into database? Because I found in one CMS some functions to escape, or is this bad example of using

     ```php
     function cleartext($text, $bbcode=true, $calledfrom='root') {
         $text = htmlspecialchars($text);
         $text = strip_tags($text);
         $text = smileys($text,1,$calledfrom);
         $text = insertlinks($text,$calledfrom);
         $text = flags($text,$calledfrom);
         $text = replacement($text, $bbcode);
         $text = htmlnl($text);
         $text = nl2br($text);
         return $text;
     }

     function htmloutput($text) {
         $text = smileys($text);
         $text = insertlinks($text);
         $text = flags($text);
         $text = replacement($text);
         $text = htmlnl($text);
         $text = nl2br($text);
         return $text;
     }

     function clearfromtags($text) {
         $text = getinput($text);
         $text = strip_tags($text);
         $text = htmlnl($text);
         $text = nl2br($text);
         return $text;
     }

     function getinput($text) {
         //$text = stripslashes($text);
         $text = htmlspecialchars($text);
         return $text;
     }

     function getforminput($text) {
         $text = str_replace(array('\r','\n'),array("\r","\n"),$text);
         $text = stripslashes($text);
         $text = htmlspecialchars($text);
         return $text;
     }
     ```
  10. I know for validation that I must check is user/email already exists, double password check, crypt password, password/username length and that kind of stuff, I'm just curious when I take $_POST data from form do I must somehow to secure them before inserting.
  11. Hi, I have a question about managing data from forms and database, to be exact for safe input/output data from form input fields. Do I need some filters to remove code from input if user try to insert? When I making database table I limiting chars and same in form. Here is a piece of code I use just for test and example:

      ```php
      // connection to database
      $dbh = new PDO('mysql:host=localhost;dbname=test123', 'root', '');
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

      // variables to insert into database
      $username = $_POST['username'];
      $password = $_POST['password'];
      $email = $_POST['email'];

      // query with prepared statements
      $stmt = $dbh->prepare("INSERT INTO members (username, password, email) VALUES (:username, :password, :email)");
      $stmt->bindParam(":username", $username, PDO::PARAM_STR);
      $stmt->bindParam(":password", $password, PDO::PARAM_STR);
      $stmt->bindParam(":email", $email, PDO::PARAM_STR);
      $stmt->execute();
      $lastId = $dbh->lastInsertId();

      // checking if query is passed and data is inserted into database
      if($lastId > 0) {
          echo 'Thank u for register.';
      } else {
          echo 'Something went wrong, please try again.';
      }
      ```
  12. Sorry for this try...catch block, I was trying it on my computer. I read on link he gave: "Set PDO in exception mode. Do not use try..catch to report errors. Configure PHP for proper error reporting." But can u tell me what to use then to protect input fields when inserting data into database, or PDO do it itself? Do I must use some kind of filter or just go with variable itself without any protection? I know that with prepared statements u avoid SQL injections.
  13. So is this will be a good usage of PDO? I'm just curious because I learned from codeacademy from youtube channel. I just didn't added that code in function in try...catch block.

      ```php
      try {
          $dbh = new PDO('mysql:host=localhost;dbname=test123', 'root', '');
      } catch (PDOException $e) {
          print "Error!: " . $e->getMessage() . "<br/>";
          die();
      }

      function NewUser() {
          $username = strip_tags($_POST['username']);
          $email = filter_var($_POST['useremail'], FILTER_VALIDATE_EMAIL);
          $password = strip_tags($_POST['password']);

          $stmt = $dbh->prepare("INSERT INTO members (username, email, password) VALUES (:username, :email, :password)");
          $stmt->bindParam(":username", $username, PDO::PARAM_STR);
          $stmt->bindParam(":email", $email, PDO::PARAM_STR);
          $stmt->bindParam(":password", $password, PDO::PARAM_STR);
          $stmt->execute();
          $lastId = $dbh->lastInsertId();

          if($lastId > 0) {
              echo "YOUR REGISTRATION IS COMPLETED.";
          } else {
              echo "SOMETHING WENT WRONG.";
          }
      }
      ```
  14. I personally using a built in php filters: http://php.net/manual/en/book.filter.php

      But from his code u see he is starting to learn and even don't know how to make a query right, so for start will be better to jump straight to PDO:

      http://www.w3schools.com/php/php_mysql_prepared_statements.asp

      http://php.net/manual/en/book.pdo.php
  15. Try like this, and check for PDO instead of using mysqli, it's more simpler and less code.

      ```php
      <?php
      // placeholders: put your own host, username, password and database name here
      $con = new mysqli('localhost', 'username', 'password', 'database_name');
      if ($con->connect_error) {
          die("Could not connect to mysql: " . $con->connect_error);
      }

      function NewUser()
      {
          global $con; // the connection is created outside the function

          $username = htmlspecialchars($_POST['username']);
          $email = htmlspecialchars($_POST['useremail']);
          $password = htmlspecialchars($_POST['password']);

          $username = mysqli_real_escape_string($con, $username);
          $email = mysqli_real_escape_string($con, $email);
          $password = mysqli_real_escape_string($con, $password);

          $query = "INSERT INTO members (username, email, password) VALUES ('".$username."','".$email."','".$password."')";
          $data = mysqli_query($con, $query) or die(mysqli_error($con));

          if($data) {
              echo "YOUR REGISTRATION IS COMPLETED.";
          } else {
              echo "SOMETHING WENT WRONG.";
          }
      }

      function SignUp()
      {
          global $con; // the connection is created outside the function

          // check if username and password fields (from Sign-Up.html) are not empty
          if(!empty($_POST['username']) && !empty($_POST['password'])) {
              /*
               * Convert special characters to HTML entities
               * http://in2.php.net/manual/en/function.htmlspecialchars.php
               */
              $username = htmlspecialchars($_POST['username']);
              $password = htmlspecialchars($_POST['password']);

              /*
               * Escapes special characters in a string for use in an SQL statement,
               * http://in2.php.net/manual/en/mysqli.real-escape-string.php
               */
              $username = mysqli_real_escape_string($con, $username);
              $password = mysqli_real_escape_string($con, $password);

              $query = mysqli_query($con, "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."'") or die(mysqli_error($con));

              // no matching row means the user is not registered yet
              if(!$row = mysqli_fetch_array($query)) {
                  NewUser();
              } else {
                  echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
              }
          }
      }

      if(isset($_POST['submit'])) {
          SignUp();
      }
      ?>
      ```
  16. Try this

      ```php
      <?php
      error_reporting(E_ALL);

      // connection to database
      try {
          $dbh = new PDO('mysql:host=your_host;dbname=database_name', 'username', 'password');
      } catch (PDOException $e) {
          print "Error!: " . $e->getMessage() . "<br/>";
          die();
      }
      ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Database</title>
      </head>
      <body>
      <?php
      // select values from towns table
      $stmt = $dbh->prepare("SELECT * FROM towns");
      $stmt->execute();
      $data = $stmt->fetchAll();

      echo '<table width="100%">
          <tr>
              <th>Town ID</th>
              <th>Town</th>
              <th>Province</th>
              <th>Street</th>
          </tr>';

      // display all values in table, escaping them for HTML output
      foreach ($data as $key) {
          echo '<tr>
              <td>'.htmlspecialchars($key['town-id']).'</td>
              <td>'.htmlspecialchars($key['town']).'</td>
              <td>'.htmlspecialchars($key['province']).'</td>
              <td>'.htmlspecialchars($key['street']).'</td>
          </tr>';
      }

      echo '</table>';
      ?>
      </body>
      </html>
      ```
  17. Hi. As title say, I have problem with image uploading. I don't get any error but image don't wanna to upload. Folder have permission 755. Here is a script:

      ```php
      error_reporting(E_ALL);
      include 'header.php';

      echo '<h2>Add image</h2>';

      $target_dir = '../images/';

      // Check if image file is an actual image or fake image
      if(isset($_POST['submit'])) {
          if(!empty($_FILE['fileToUpload'])) {
              $target_file = $target_dir . basename($_FILES['fileToUpload']['name']);
              $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
              $check = getimagesize($_FILES['fileToUpload']['tmp_name']);

              if($check !== false) {
                  // Check if file already exists
                  if (file_exists($target_file)) {
                      $error = '<p class="fail">Sorry, file already exists.</p>';
                  } else {
                      if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_file)) {
                          $error = '<p class="success">The file '. basename( $_FILES['fileToUpload']['name']). ' has been uploaded.</p>';
                      } else {
                          $error = '<p class="fail">Sorry, there was an error uploading your file.</p>';
                      }
                  }
              } else {
                  $error = '<p class="fail">File is not an image.</p>';
              }
          } else {
              $error = '<p class="fail">Please select image.</p>';
          }
      }
      ```

      And form html:

      ```php
      <?php if(!empty($error)) { echo $error; } ?>
      <form action="" method="post" enctype="multipart/form-data">
          <fieldset>
              <legend></legend>
              <p>
                  <label for="file">Filename : </label>
                  <input type="file" name="fileToUpload" id="file">
              </p>
              <p><input type="submit" name="submit" value="Save"></p>
          </fieldset>
      </form>
      ```
  18. I want to store errors in session array and then display it on html page with just calling function errors()
  19. Here is working script if you need one

      ```php
      <?php
      session_start();
      require 'core/_mysql.php';
      require 'core/_func.php';
      include 'includes/overall/header.php';

      if (!logged()) {
          if ($_POST) {
              if (isset($_POST['username']) && isset($_POST['password'])) {
                  $user = safe_query(safe_input($_POST['username']));
                  $pass = safe_query(safe_input($_POST['password']));

                  if (!empty($user) && !empty($pass)) {
                      $q = mysqli_query($db, "SELECT `username`, `password` FROM `users` WHERE `username` = '".$user."'");

                      if (mysqli_num_rows($q) == 1) {
                          $r = mysqli_fetch_assoc($q);

                          if ($user == $r['username'] && $pass == $r['password']) {
                              $_SESSION['username'] = $r['username'];
                              header('Location: index.php');
                              exit();
                          } else {
                              echo 'Invalid username / password combination.';
                          }
                      } else {
                          echo 'Invalid username.';
                      }
                  } else {
                      echo 'Please enter username and password.';
                  }
              }
          }
      ?>
      <form action="login.php" method="POST">
          Username : <input type="text" name="username" placeholder="Username" maxlength="30" /><br />
          Password : <input type="password" name="password" placeholder="Password" maxlength="30" /><br />
          <input type="submit" value="Login" /><br />
          <a href="register.php">Sign up</a><br />
          <a href="lost_password.php">Lost password</a>
      </form>
      <?php
      } else {
          header('Location: index.php');
          exit();
      }

      include 'includes/overall/footer.php';
      ?>
      ```
  20. Hi all, I have problem with making custom function to deal with my scripts. I tried and look on google but cant find. Here is code I have

      ```php
      function errors() {
          $errors = array();
          $_SESSION['errors'] = $key->$errors;
          foreach ($_SESSION['errors'] as $error) {
              return $error;
          }
      }
      ```

      and I use it like this in my script

      ```php
      $error[] = 'Please enter username and password.';
      ```

      but when I call function I have errors

      ```
      Notice: Undefined variable: key in C:\xampp\htdocs\core\_func.php on line 37
      Notice: Trying to get property of non-object in C:\xampp\htdocs\core\_func.php on line 37
      Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\core\_func.php on line 38
      ```

      please help me
  21. Session is started here in include init.php, so I include that file everywhere I want to see if user is logged in and check with logged() func. I dont know if problem is here

      ```php
      $_SESSION['user_id'] = 1;
      ```

      maybe I need to make query to take username from database and put it in session, but I want to make like this

      ```php
      function user() {
          // grab data from database and compare it with logged user and started session,
          // then display only username when I call user() function
      }
      ```

      and use it like

      ```php
      echo 'Welcome' . user();
      ```

      not with session variable
  22. Hey all, I made login script and all works fine, but I have problem with getting username to show like Welcome Username. I dont know if I wrong in function or when I started a session. Here is code

      ```php
      // function for display username
      function user($username) {
          $username = sanitize($username);
          $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
          $result = mysql_result($query, 0, 'username');

          if ($result == true) {
              return true;
          } else {
              return false;
          }
      }
      ```

      this is function and when I call it it doesn't show nothing, and here is login.php

      ```php
      <?php
      include 'core/init.php';

      // check if user is logged
      if (!logged()) {
          if (isset($_POST['login'])) {
              $username = $_POST['username'];
              $password = $_POST['password'];

              if (isset($username) && isset($password)) {
                  // check if username and password is entered
                  if (empty($username) && empty($password)) {
                      echo 'All fields are required';
                  // if username exist in database
                  } else if (user_exist($username) === false) {
                      echo 'Username with that username dont exist.';
                  // check if username and password match
                  } else if (is_match($username, $password) === false) {
                      echo 'Invalid username, password combination';
                  } else {
                      // start session
                      $_SESSION['user_id'] = 1;
                      // redirect user to user page
                      header('Location: logged.php');
                      exit();
                  }
              }
          }
      } else {
          header('Location: index.php');
          exit();
      }
      ?>
      ```

      so do I must make query in login.php and take username and put it in session or I can put that in function? Please help, I'm new in php so... be gentle
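
The login check worked out across posts 5 to 8 above, as an added example that is not part of the original posts: it shows why matching a `password_hash()` value inside the `WHERE` clause never succeeds and why the row has to be fetched by username and checked with `password_verify()`. The table and column names (`administrator`, `korisnicko_ime`, `lozinka`) come from the posts; the in-memory SQLite database, the function names and the sample account are assumptions made so the script runs stand-alone.

```php
<?php
// Added example: constructed data, SQLite in memory instead of the MySQL server in the posts.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE administrator (korisnicko_ime TEXT PRIMARY KEY, lozinka TEXT NOT NULL)');

// Registration: store only the salted hash, never the plain password.
function add_admin(PDO $dbh, string $username, string $password): void
{
    $stmt = $dbh->prepare('INSERT INTO administrator (korisnicko_ime, lozinka) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Variant from post 8: the plain password is compared with the stored hash in SQL,
// so no row matches even when the password is correct.
function login_where_password(PDO $dbh, string $username, string $password): bool
{
    $stmt = $dbh->prepare('SELECT 1 FROM administrator WHERE korisnicko_ime = :u AND lozinka = :p');
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetch() !== false;
}

// Variant from post 5: select the row by username, then verify against its hash.
function login_verify(PDO $dbh, string $username, string $password): bool
{
    $stmt = $dbh->prepare('SELECT lozinka FROM administrator WHERE korisnicko_ime = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false for an unknown user; reject before reading $row.
    if ($row === false) {
        return false;
    }
    // password_verify() alone decides. OR-ing it with a username comparison would
    // accept any password, because the row was already selected by that username.
    return password_verify($password, $row['lozinka']);
}

add_admin($dbh, 'admin', 'admin'); // constructed sample account

$cases = [
    ['admin', 'admin'],  // existing user, correct password
    ['admin', 'wrong'],  // existing user, wrong password
    ['nobody', 'admin'], // unknown user
];
foreach ($cases as [$u, $p]) {
    printf("%-7s %-6s where-clause=%s verify=%s\n", $u, $p,
        var_export(login_where_password($dbh, $u, $p), true),
        var_export(login_verify($dbh, $u, $p), true));
}
```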