
Can anyone help me with this code?

I am trying to build a user registration and user login page.

The registration page works perfectly fine (the entered data is stored in the database with $hash password).

<?php

$showError="false";
if($_SERVER["REQUEST_METHOD"] == "POST"){
    include '_dbconnect.php';

    $user_email = $_POST['signupemail'];
    $pass = $_POST['signuppassword'];
    $cpass = $_POST['signuppassword'];

    // check wether this email exists

    $existSql="select * from `users` where user_email = '$user_email'";
    $result = mysqli_query($conn, $existSql);
    $numRows = mysqli_num_rows($result);
    if($numRows>0){
        $showError = "Email already in use";
    } else{
        if($pass == $cpass){
           $hash = password_hash($pass, PASSWORD_DEFAULT);
           $sql =" INSERT INTO `users` ( `user_email`, `user_pass`, `timestamp`) VALUES ('  $user_email', '  $hash', current_timestamp())";
           $result = mysqli_query($conn, $sql);
           if($result){
            $showAlert=true;
            header("Location:/wediscuss%20forum/index.php?signupsuccess=true");
            exit();
           }
        }else{
            $showError ="passwords do not match";

        }
    }
    header("Location:/wediscuss%20forum/index.php?signupsuccess=false&error= $showError ");
}

?>
The problem arises when I try to log in. The page gets redirected but the echo is not working (like printing THIS user is logged in).

<?php
$showError = "false";
if($_SERVER["REQUEST_METHOD"] == "POST"){
  include '_dbconnect.php';
  $email = $_POST['loginEmail'];
  $pass = $_POST['loginPass'];

  $sql = "SELECT * FROM `users` where user_email='$email'";
  $result = mysqli_query($conn, $sql);
  $numRows = mysqli_num_rows($result);
  if($numRows==1){
    $row = mysqli_fetch_assoc($result);
    if(password_verify(  $email, $row['user_pass'])){
          session_start();
          $_SESSION['loggedin'] = true;
            $_SESSION['slno'] = $row['slno'];
            $_SESSION['useremail'] = $email;
            echo "loggedin". $email;

        }
        else{
          echo "unable to login";

        }
    }

?>
Sep 11 '22 #1
bakertaylor28
45 32bit
 header("Location:/wediscuss%20forum/index.php?signupsuccess=false&error= $showError ");

This is your problem - logins are better done by storing a session var:

...
// After checking against the database, we set the session variable to 0 when logged out and 1 when logged in
$_SESSION['login'] = 1; // assignment uses a single =; store 0 instead when logged out

// We then evaluate for login:
if ($_SESSION['login'] === 1) {
    // show password protected content
    header("Location:/protected/content.php");
    exit(); // stop here so nothing after the redirect runs
} elseif ($_SESSION['login'] === 0) {
    // deny access
    header("Location:/path/to/static/errorpage.php");
    exit();
} else {
    die();
}
...

We check the session var on every protected page or location. It is important that we use === not == or = in order to prevent code injection, any time we're anywhere around SQL.
3 Weeks Ago #2
Techii1120
12 Byte
Based on the given code, the issue seems to be that the header() function is called twice in the code, which is not allowed. Once a header has been sent, no further headers can be sent. In this case, the first header() function is called after the user has been successfully registered, which is fine. However, the second header() function is called after the error message is set, which is causing the issue.


To fix this issue, you can try the following solution:



Remove the second header() function, which is located at the end of the code.


Instead of redirecting the user to the index.php page with an error message in the URL, you can store the error message in a session variable and redirect the user to the index.php page without any error message in the URL.



Here is an updated version of the PHP code:


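<?php
session_start();
$showError = false;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    include '_dbconnect.php';

    $user_email = $_POST['signupemail'];
    $pass = $_POST['signuppassword'];
    // Note: this reads the same field as $pass, so the comparison below
    // always passes; read the form's confirmation field here instead.
    $cpass = $_POST['signuppassword'];

    // Check whether this email exists; the value is bound, not interpolated.
    $stmt = mysqli_prepare($conn, "select * from `users` where user_email = ?");
    mysqli_stmt_bind_param($stmt, "s", $user_email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $numRows = mysqli_stmt_num_rows($stmt);

    if ($numRows > 0) {
        $showError = "Email already in use";
    } else {
        // Strict comparison: == would treat some numeric-looking strings as equal.
        if ($pass === $cpass) {
            $hash = password_hash($pass, PASSWORD_DEFAULT);
            $stmt = mysqli_prepare($conn, "INSERT INTO `users` (`user_email`, `user_pass`, `timestamp`) VALUES (?, ?, current_timestamp())");
            mysqli_stmt_bind_param($stmt, "ss", $user_email, $hash);
            $result = mysqli_stmt_execute($stmt);
            if ($result) {
                $_SESSION['signupsuccess'] = true;
                header("Location: /wediscuss%20forum/index.php");
                exit();
            }
        } else {
            $showError = "Passwords do not match";
        }
    }

    // Reached only when registration failed: pass the error via the session.
    $_SESSION['signupsuccess'] = false;
    $_SESSION['error'] = $showError;
    header("Location: /wediscuss%20forum/index.php");
    exit();
}
?>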

In the updated code, the error message is stored in a session variable called error, and the signupsuccess variable is set to either true or false based on whether the user was successfully registered or not. The user is then redirected to the index.php page without any error message in the URL.
2 Days Ago #3
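
A stand-alone version of the registration and login logic discussed in this thread, added here as an example and not code from any of the posters: it binds the email as a query parameter and passes the submitted password to `password_verify()`, where the login code in the question passes `$email`. PDO with an in-memory SQLite database, the `register()` and `login()` function names and the sample accounts are assumptions standing in for the thread's mysqli connection in `_dbconnect.php`.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the thread's mysqli
// connection so the script runs without a database server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (slno INTEGER PRIMARY KEY,
                               user_email TEXT UNIQUE, user_pass TEXT)');

// Returns 'ok' or the error text used in the thread's registration code.
function register(PDO $db, string $email, string $pass, string $confirm): string {
    if ($pass !== $confirm) {
        return 'passwords do not match';
    }
    $check = $db->prepare('SELECT 1 FROM users WHERE user_email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return 'Email already in use';
    }
    // Bound parameters store the values exactly as given, quotes included.
    $insert = $db->prepare('INSERT INTO users (user_email, user_pass) VALUES (?, ?)');
    $insert->execute([$email, password_hash($pass, PASSWORD_DEFAULT)]);
    return 'ok';
}

// Returns the user's row on success, null on unknown email or wrong password.
function login(PDO $db, string $email, string $pass): ?array {
    $stmt = $db->prepare('SELECT slno, user_email, user_pass FROM users WHERE user_email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify the submitted password, not the email, against the stored hash.
    if ($row === false || !password_verify($pass, $row['user_pass'])) {
        return null;
    }
    return $row;
}

// Constructed sample accounts; the second email contains a single quote.
var_dump(register($db, 'alice@example.test', 'correct horse', 'correct horse'));
var_dump(register($db, "o'brien@example.test", 'tr0ub4dor', 'tr0ub4dor'));
var_dump(register($db, 'alice@example.test', 'other', 'other')); // duplicate email
var_dump(login($db, 'alice@example.test', 'correct horse') !== null);
var_dump(login($db, "o'brien@example.test", 'tr0ub4dor') !== null);
var_dump(login($db, 'alice@example.test', 'alice@example.test')); // email as password

// In a web request, a successful login() would be followed by:
//   session_start(); session_regenerate_id(true);
//   $_SESSION['loggedin'] = true; $_SESSION['slno'] = $row['slno'];
```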
