
got new php login with forgot password script


ianhaney

Hi

 

I now have a new php login script with forget password and seems to be working so far and have signed up but having issues with the login script

 

each time I go to login, I get the following error

 

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/it-doneright.co.uk/public_html/includes/header.php:107) in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 49

 

I looked up this error and was saying about blank lines above the coding but have checked and is no blank files in the coding so am quite lost to be honest

 

below is what I have in my login page

<?php
session_start();
?>

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
?>

<?php 
$title = "Affiliate Login - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->
 
	<div id="column-whole">
    <h2 class="title">Affiliate Login</h2>
    <hr class="carved" />

<form action="" method="post" class="signup">
<h2>Name*:</h2> <input type="text" name="username" />
<br>
<h2>Password*:</h2> <input type="password" name="password" />
<br>
<input type="submit" value="Login" id="submit" />
<a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a>
</form>

<?php
include'config-db.php';
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = $_POST['username'];
$password = md5($_POST['password']);
//check data
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0){
	while($row = $result->fetch_assoc()) {
        $username = $row["username"];	
      //Store the name in the session
      $_SESSION['login'] = $username;
	  header("location:affiliate-profile.php?id=?");
    }
}
else {
    echo "<h2>Incorrect Username/Password</h2>";
}
}
?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>
Link to comment
Share on other sites

I have sorted that now and is working but now got a id issue

 

after logging in, it should redirect to profile.php?id=11 but instead it is going to

 

profile.php?id=

 

so I know I need to pull the id from the database but unsure how to do it, would id need to be added to the following query

 

$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";

 

am I close at all?

Link to comment
Share on other sites

Edit: Nevermind, you figured it out. However, it's not redirecting to the right page, probably because of this:

 

 

header("location:affiliate-profile.php?id=?");

 

Why do you have a question mark there? Should that question mark instead be id=11?

Edited by mikesta707
Link to comment
Share on other sites

I changed it now to the following but get the error: Notice: Undefined index: id in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 43

<?php
session_start();
ob_start();
?>

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
?>

<?php 
$title = "Affiliate Login - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->
 
	<div id="column-whole">
    <h2 class="title">Affiliate Login</h2>
    <hr class="carved" />

<form action="" method="post" class="signup">
<h2>Name*:</h2> <input type="text" name="username" />
<br>
<h2>Password*:</h2> <input type="password" name="password" />
<br>
<input type="submit" value="Login" id="submit" />
<a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a>
</form>

<?php
include'config-db.php';
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = $_POST['username'];
$password = md5($_POST['password']);

$id = $_GET['id'];

//check data
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'";

$result = $conn->query($sql);
if ($result->num_rows > 0){
	while($row = $result->fetch_assoc()) {
        $username = $row["username"];	
      //Store the name in the session
      $_SESSION['username'] = $username;
	  header("location:affiliate-profile.php?id=$id");
    }
}
else {
    echo "<h2>Incorrect Username/Password</h2>";
}
}
?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

And it also comes up with Incorrect Username/Password when it is correct info

Link to comment
Share on other sites

Well, that error probably means that $_GET['id'] doesn't exist (assuming the line $id = $_GET['id']; is line 43). What does the URL for this page look like? Is it something like www.whatever.com/index.php?id=1 or something?

 

Plus that doesn't really even make sense. You are trying to grab the id of the current page, and trying to redirect to that same id. Shouldn't you be redirecting to a different page? If you know the exact page you want to redirect to, and it will never change, why not just put the actual id of the page you want to redirect to, instead of using a variable. IE something like:

 

 

header("location:affiliate-profile.php?id=11");

 

You are also probably getting wrong username/password because of your SQL statement here: 

 

$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'";

 

 

You are basically saying where the username and password are correct, AND where the id is equal to the page id. This doesn't really make any sense, why would the user's row id be the same as the page id? I would just take that part out IE:

 

 

$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";

 

Where is the $_GET['id'] even coming from? Do you store your page IDs in your database? How exactly do you handle your page includes/redirects? I don't see anywhere on that page where you even use the $_GET['id'] variable correctly to include a different page.

Link to comment
Share on other sites

Sorry lost me, I am confused now

 

I can't put id=11 as other users will be signing up which will have different ids

 

I have taken off AND id = '$id' from the query now and it is now redirecting to the following page but still no id number is pulled from the database

 

http://www.it-doneright.co.uk/affiliate-profile.php?id=

 

below is my affiliate-profile.php file code

<?
session_start();

if($_SESSION['username']==''){
 header("Location:affiliate-login.php");
}else{
 include("config-db.php");
 $sql=$dbh->prepare("SELECT * FROM affiliates WHERE id=?");
 $sql->execute(array($_SESSION['username']));
 while($r=$sql->fetch()){
?>

<?php 
$title = "Affiliate Profile - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
  echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
  echo "<br><br>";
  echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
  echo "</div>";
  echo "<br><br>";
 }
}
?>

<h2 class="title">Your Affiliate Information</h2>
<hr class="carved" />

<?php

// connect to the database
                        include('config-db.php');

if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) {

// display records if there are records to display
if ($result->num_rows > 0)
{
											
											echo "<table class='affiliate'>";
											echo "<tr>";
											echo "<th>Affiliate ID</th>";
											echo "<th>Name</th>";
											echo "<th>Email</th>";
											echo "<th>Amount Earned</th>";
											echo "</tr>";
											
											while ($row = $result->fetch_object())
                                        {
											
											// set up a row for each record
                                                echo "<tr>";
												echo "<td>" . $row->id . "</td>";
												echo "<td>" . $row->username . "</td>";
												echo "<td>" . '£' . $row->amount_earned . "</td>";
												echo "</tr>";
												}
                                        
                                        echo "</table>";
                                }
								// if there are no records in the database, display an alert message
                                else
                                {
                                        echo "No results to display!";
                                }
                        }
                        // show an error if there is an issue with the database query
                        else
                        {
                                echo "Error: " . $mysqli->error;
                        }
                        
                        // close database connection
                        $mysqli->close();
						?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

Link to comment
Share on other sites

Ah I see, so the ID isn't a page id, but rather an ID for the user. I wasn't aware of that. 

 

The reason that your ID is empty is most likely because your form's action attribute doesn't specify the ID. So naturally $_GET['id'] would be unset.

 

What you probably need to do is grab the ID from the database once you verify that the username and password are indeed correct. IE instead of doing this:

 

$id = $_GET['id'];

//check data
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'";

$result = $conn->query($sql);
if ($result->num_rows > 0){
    while($row = $result->fetch_assoc()) {
$username = $row["username"];    
//Store the name in the session
$_SESSION['username'] = $username;
     header("location:affiliate-profile.php?id=$id");
}
}

you should do something like

 
 

//$id = $_GET['id']; Can't do this, because you don't pass the ID through GET. You can't really, as you don't know the ID when the user logs in.

//check data
//Can't check the ID here either, as you don't know it yet
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";

$result = $conn->query($sql);
if ($result->num_rows > 0){
    while($row = $result->fetch_assoc()) {
       $username = $row["username"];  
       //Store the name in the session
       $_SESSION['username'] = $username;
       //You should be getting the ID HERE, as this is where you know who the User is.
       $id = $row['id'];
       header("location:affiliate-profile.php?id=$id");
   }
}

This code is untested but from what I can tell, this is roughly what you want. Hope this helps

Edited by mikesta707
Link to comment
Share on other sites

Sorry was my fault not explaining it properly regarding the id of the user

 

I got that id number now in the url but just displays your affiliate information and nothing else

 

On the page it should be displaying the following info

 

id and name

 

I have the following on the page www.it-doneright.co.uk/afiliate-profile.php?id=11

<?
session_start();

if($_SESSION['userperson']==''){
 header("Location:affiliate-login.php");
}else{
 include("config-db.php");
 $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?");
 $sql->execute(array($_SESSION['userperson']));
 while($r=$sql->fetch()){
?>

<?php 
$title = "Affiliate Profile - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
  echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
  echo "<br><br>";
  echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
  echo "</div>";
  echo "<br><br>";
 }
}
?>

<h2 class="title">Your Affiliate Information</h2>
<hr class="carved" />

<?php

// connect to the database
                        include('config-db.php');

if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) {

// display records if there are records to display
if ($result->num_rows > 0)
{
											
											echo "<table class='affiliate'>";
											echo "<tr>";
											echo "<th>Affiliate ID</th>";
											echo "<th>Name</th>";
											echo "<th>Amount Earned</th>";
											echo "</tr>";
											
											while ($row = $result->fetch_object())
                                        {
											
											// set up a row for each record
                                                echo "<tr>";
												echo "<td>" . $row->id . "</td>";
												echo "<td>" . $row->username . "</td>";
												echo "<td>" . '£' . $row->amount_earned . "</td>";
												echo "</tr>";
												}
                                        
                                        echo "</table>";
                                }
								// if there are no records in the database, display an alert message
                                else
                                {
                                        echo "No results to display!";
                                }
                        }
                        // show an error if there is an issue with the database query
                        else
                        {
                                echo "Error: " . $mysqli->error;
                        }
                        
                        // close database connection
                        $mysqli->close();
						?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

Link to comment
Share on other sites

Sorry am winning slowly

 

I have the info displayed on the page now but for some reason, the page is not showing the header and footer.php files which should be as have includes/header.php as to the updated coding below on the affiliate-profile.php

<?
session_start();

if($_SESSION['userperson']==''){
 header("Location:affiliate-login.php");
}else{
 include("config-db.php");
 $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?");
 $sql->execute(array($_SESSION['userperson']));
 while($r=$sql->fetch()){
?>

<?php 
$title = "Affiliate Profile - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
  echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
  echo "<br><br>";
  echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
  echo "</div>";
  echo "<br><br>";
 }
}
?>

<h2 class="title">Your Affiliate Information</h2>
<hr class="carved" />

<?php

// connect to the database
                        include('connect-db.php');

if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) {

// display records if there are records to display
if ($result->num_rows > 0)
{
											
											echo "<table class='affiliate'>";
											echo "<tr>";
											echo "<th>Affiliate ID</th>";
											echo "<th>Name</th>";
											echo "<th>Amount Earned</th>";
											echo "</tr>";
											
											while ($row = $result->fetch_object())
                                        {
											
											// set up a row for each record
                                                echo "<tr>";
												echo "<td>" . $row->id . "</td>";
												echo "<td>" . $row->username . "</td>";
												echo "<td>" . '£' . $row->amount_earned . "</td>";
												echo "</tr>";
												}
                                        
                                        echo "</table>";
                                }
								// if there are no records in the database, display an alert message
                                else
                                {
                                        echo "No results to display!";
                                }
                        }
                        // show an error if there is an issue with the database query
                        else
                        {
                                echo "Error: " . $mysqli->error;
                        }
                        
                        // close database connection
                        $mysqli->close();
						?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

Link to comment
Share on other sites

Pretty sure it has to do with the following:

 
if($_SESSION['userperson']==''){
header("Location:affiliate-login.php");
}else{
include("config-db.php");
$sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?");
$sql->execute(array($_SESSION['userperson']));
while($r=$sql->fetch()){
?>

<?php
$title = "Affiliate Profile - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
echo "<br><br>";
echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
echo "</div>";
echo "<br><br>";
}
}
?>

Instead of using $_SESSION['userperson'] shouldn't you be using $_GET['id']? I don't see anywhere in your code where you've even defined $_SESSION['userperson'];

 

so your query should probably be like:

 
//you should actually be checking if $_GET is empty instead of if it's equal to the empty string. Also adding check for if it's set
if(empty($_GET['id']) || !isset($_GET['id'])){
header("Location:affiliate-login.php");
}else{
include("config-db.php");
$sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?");
//here you should be using $_GET['id'] rather than that session variable
//also note security concerns detailed below
$sql->execute(array($_GET['id']));
while($r=$sql->fetch()){
?>
...

Please note that you should sanitize your variables to make sure your code isn't vulnerable to any injections. Security concerns are out of the scope of this thread though, so I'll let you do some research on protecting your code from SQL injections and other security concerns on your own (or make a new thread about it if you want).

 

 

Edit: As Barand said, there is no need for a while loop. I wasn't going to mention that as I figured it was best to focus on 1 problem at a time, but yeah you should fix that as well.

Edited by mikesta707
Link to comment
Share on other sites
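
Added example, not part of the thread or any poster's code: the login and profile steps discussed above, written with parameterized queries, password_hash()/password_verify() in place of md5(), and the profile row chosen from the session rather than from $_GET['id']. The in-memory SQLite database, the password_hash column, the affiliate_id session key and the function names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for config-db.php: in-memory SQLite through PDO (assumption;
// the thread's site uses MySQL). password_hash replaces the md5() password column.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE affiliates (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
               password_hash TEXT, amount_earned REAL)');
    $ins = $db->prepare('INSERT INTO affiliates VALUES (?, ?, ?, ?)');
    // Constructed sample rows; the apostrophe shows quotes are treated as data.
    $ins->execute([11, "o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 12.5]);
    $ins->execute([12, 'smith', password_hash('battery staple', PASSWORD_DEFAULT), 99.0]);
    return $db;
}

// Returns the affiliate id for valid credentials, null otherwise.
function authenticate(PDO $db, string $username, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, password_hash FROM affiliates WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against a salted hash in PHP, not inside the WHERE clause.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Login step. Call this before including header.php or printing any HTML, so the
// Location header can still be sent. Returns the redirect target.
function handleLogin(PDO $db, array $post, array &$session): string
{
    $id = authenticate($db, (string) ($post['username'] ?? ''), (string) ($post['password'] ?? ''));
    if ($id === null) {
        return 'affiliate-login.php';
    }
    // On a real page, call session_regenerate_id(true) here as well.
    $session['affiliate_id'] = $id;
    return 'affiliate-profile.php';   // no ?id= needed: identity lives in the session
}

// Profile step: the row is chosen by the session, so changing a URL parameter
// cannot show another affiliate's earnings.
function loadProfile(PDO $db, array $session): ?array
{
    if (empty($session['affiliate_id'])) {
        return null;   // not logged in: caller redirects to affiliate-login.php
    }
    $stmt = $db->prepare('SELECT id, username, amount_earned FROM affiliates WHERE id = ?');
    $stmt->execute([$session['affiliate_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo run with constructed input in place of $_POST and $_SESSION.
$db = demoDb();
$session = [];
echo handleLogin($db, ['username' => "o'brien", 'password' => 'wrong'], $session), "\n";
echo handleLogin($db, ['username' => "o'brien", 'password' => 'correct horse'], $session), "\n";
$profile = loadProfile($db, $session);
// Escape on output, as the profile page echoes the username into HTML.
echo 'Hello, ', htmlspecialchars($profile['username'], ENT_QUOTES, 'UTF-8'), "\n";
```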

I will sort the SQL injections and got a good idea about that

 

but for now for some reason, the login page doesn't log in any more, it just loads the login page again when I click submit

<?php
session_start();
ob_start();
?>

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
?>

<?php 
$title = "Affiliate Login - IT Done Right";

$pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more...";

$pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon";

include ( 'includes/header.php' );
?>
<!--CONTENT-->
 
	<div id="column-whole">
    <h2 class="title">Affiliate Login</h2>
    <hr class="carved" />

<form action="" method="post" class="signup">
<h2>Name*:</h2> <input type="text" name="username" />
<br>
<h2>Password*:</h2> <input type="password" name="password" />
<br>
<input type="submit" value="Login" id="submit" />
<a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a>
</form>

<?php
include'config-db.php';
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = $_POST['username'];
$password = md5($_POST['password']);


//$id = $_GET['id']; Can't do this, because you don't pass the ID through GET. You can't really, as you don't know the ID when the user logs in.

//check data
//Can't check the ID here either, as you don't know it yet
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";

$result = $conn->query($sql);
if ($result->num_rows > 0){
    while($row = $result->fetch_assoc()) {
       $username = $row["username"];  
       //Store the name in the session
       $_SESSION['username'] = $username;
       //You should be getting the ID HERE, as this is where you know who the User is.
       $id = $row['id'];
       header("location:affiliate-profile.php?id=$id");
   }
}

else {
    echo "<h2>Incorrect Username/Password</h2>";
}
}
?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>
Link to comment
Share on other sites
