Anyone help me with this code!!!

I am trying to build a user registration and user login page.

The registration page works perfectly fine (the entered data is stored in the database with the $hash password).

```php
<?php


$showError="false";
if($_SERVER["REQUEST_METHOD"] == "POST"){
    include '_dbconnect.php';

    $user_email = $_POST['signupemail'];
    $pass = $_POST['signuppassword'];
    $cpass = $_POST['signuppassword'];

    // check whether this email exists

    $existSql="select * from `users` where user_email = '$user_email'";
    $result = mysqli_query($conn, $existSql);
    $numRows = mysqli_num_rows($result);
    if($numRows>0){
        $showError = "Email already in use";
    } else{
        if($pass == $cpass){
           $hash = password_hash($pass, PASSWORD_DEFAULT);
           $sql =" INSERT INTO `users` ( `user_email`, `user_pass`, `timestamp`) VALUES ('  $user_email', '  $hash', current_timestamp())";
           $result = mysqli_query($conn, $sql);
           if($result){
            $showAlert=true;
            header("Location:/wediscuss%20forum/index.php?signupsuccess=true");
            exit();
           }
        }else{
            $showError ="passwords do not match";

        }
    }
    header("Location:/wediscuss%20forum/index.php?signupsuccess=false&error= $showError ");
}



?>
```
The problem arises when I try to log in. The page gets redirected but the echo is not working (like printing THIS user is logged in).

```php
<?php
$showError = "false";
if($_SERVER["REQUEST_METHOD"] == "POST"){
  include '_dbconnect.php';
  $email = $_POST['loginEmail'];
  $pass = $_POST['loginPass'];

  $sql = "SELECT * FROM `users` where user_email='$email'";
  $result = mysqli_query($conn, $sql);
  $numRows = mysqli_num_rows($result);
  if($numRows==1){
    $row = mysqli_fetch_assoc($result);
    if(password_verify(  $email, $row['user_pass'])){
          session_start();
          $_SESSION['loggedin'] = true;
            $_SESSION['slno'] = $row['slno'];
            $_SESSION['useremail'] = $email;
            echo "loggedin". $email;

        }
        else{
          echo "unable to login";

        }
    }


?>
```
Sep 11 '22 #1
bakertaylor28
```php
header("Location:/wediscuss%20forum/index.php?signupsuccess=false&error= $showError ");
```
This is your problem - logins are better done by storing a session var:

```php
...
// After checking against database We set session variable to 0 when logged out and 1 when logged in
$_SESSION['login'] = 1; // assignment; use 0 when logged out

//We then evaluate for login:
if ($_SESSION['login'] === 1) {
    //show password protected content
    header("Location:/protected/content.php");
    exit; // stop the script after sending the redirect
} elseif ($_SESSION['login'] === 0) {
    // deny access
    header("Location:/path/to/static/errorpage.php");
    exit;
} else {
    die();
}
...
```
We check the session var on every protected page or location. It is important that we use === not == or = in order to prevent code injection, any time we're anywhere around SQL.
Feb 25 '23 #2
