cookies and session in login form - session

I need to create a login form with session and cookies . I tried a code in login as well as logout but the cookie is not working for me. I am a beginer kindly help and below is my code for login and log out. Thanx in advance
Login.php:
<?php
session_start();
$message="";
if(count($_POST)>0) {
$conn = mysqli_connect('localhost','root','Spiegel#123','sachin') or
die('Unable To connect');
$result = mysqli_query($conn,"SELECT * FROM login WHERE name='" .
$_POST["name"] . "' and password = '". $_POST["password"]."'");
$row = mysqli_fetch_array($result);
if(is_array($row)) {
$_SESSION["id"] = $row[id];
$_SESSION["name"] = $row[name];
} else {
$message = "Invalid Username or Password!";
}
}
if(isset($_SESSION["id"])) {
setcookie("name", $_SESSION["name"], time()+60*60*24*100, "/");
header("Location:one.php");
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<form name="frmUser" id="frmUser" method="post" action="" align="center">
<div class="message"><?php if($message!="") { echo $message; } ?></div>
<h3 align="center">Enter Login Details</h3>
Username:<br>
<input type="text" name="name">
<br>
Password:<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Submit">
<input type="reset">
</form>
</body>
</html>
Logout.php:
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
unset($_COOKIE['name']);
header("Location: login.php"); // Redirecting To Home Page
}
?>

you need to set cookie for time before now like below:
setcookie('name', null, -1, '/');

Related

google recaptcha not working scalahosting

I have two shared hosting account from godaddy and scalahosting, I test this google recaptcha code on both hosting account this code working on godaddy but not in scalahosting, Out put result will be (in this code) "You are spammer !" So what is this issue ?
Is this web hosting issue ? or ?
<html>
<head>
<title>Google recapcha demo - Codeforgeek</title>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<h1>Google reCAPTHA Demo</h1>
<form id="comment_form" action="form.php" method="post">
<input type="email" placeholder="Type your email" size="40"><br><br>
<textarea name="comment" rows="8" cols="39"></textarea><br><br>
<input type="submit" name="submit" value="Post comment"><br><br>
<div class="g-recaptcha" data-sitekey="6LftgAUTAAAAAAQkns-ihN6BIbp4Tje5_OF_TSv5"></div>
</form>
</body>
</html>
<?php
$email;$comment;$captcha;
if(isset($_POST['email'])){
$email=$_POST['email'];
}if(isset($_POST['comment'])){
$email=$_POST['comment'];
}if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
echo '<h2>Please check the the captcha form.</h2>';
exit;
}
$secretKey = "6LftgAUTAAAAAIcMb0tbYDYBN9mi_ZyIydMe2Zug";
$ip = $_SERVER['REMOTE_ADDR'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
echo '<h2>You are spammer !t</h2>';
} else {
echo '<h2>Thanks for posting comment.</h2>';
}
?>
You need a separate key for each domain and that domain needs to be added to the recaptcha domain names.

How can I upload a picture using Codeigniter

I want to know how I can upload an image and save its name in a database when using Codeigniter.
I am using a simple form tag for this, like:
<form action="./myaccount/index/" method="post" enctype="multipart/form-data">
<div>
<label for="pic">picture</label>
<input type="file" id="pic" name="pic" />
</div>
<input id="register-btn" name="register" type="submit" value="ok" class="input-text custom-btn">
</form>
Here's my controller:
public function index() {
$user = new User($_SESSION['user_id']);
if($this->input->post()){
$user->pic = $this->input->post('pic');
if($this->input->post('password') == $this->input->post('confirm')){
$user->password=md5(sha1(sha1($this->input->post('password'))));
$user->save();
$this->data['success'] = "done";
}else{
$this->errors[] = "error";
}
}
$this->data['user'] = $user;
$this->data['errors'] = $this->errors;
$this->template->set_layout('myaccount');
$this->template->build('profile',$this->data);
}
I checked the manual but I can't understand what they are doing.
Im' trying to make a controler function for this that will insert all the values in the database and also upload the image file.

PHP Session issues, perhaps lost data?

I'm having some issues using sessions on my test website (Running it on WAMP server locally, using PHP php5.3.13) I have checked my php.ini to make sure that sessions are actually being saved, which they are:
C:\wamp\tmp
Basically, when the user logs in it shows, Welcome back, .$username so when I log in with the user "John", it shows this accordingly. Now, when I leave the login page and go back to it this sessions is somehow being lost. (And yes, I am using session_start at the top of every page).
Here is my code;
index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Codecall Tutorials - Secured Login with php5</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php include "header.php" ?>
<div id="wrapper">
<form method="post" action="">
<h2>Log In</h2>
<div id="underline"></div>
<ul>
<li>
<label for="usn">Username : </label>
<input type="text" maxlength="30" required autofocus name="username" />
</li>
<li>
<label for="passwd">Password : </label>
<input type="password" maxlength="30" required name="password" />
</li>
<li class="buttons">
<input type="submit" name="login" value="Log me in" class="xbutton" />
<input type="button" name="register" value="Forgot Password?" onclick="location.href='passrecover.php'" class="xbutton" />
</li>
</ul>
</form>
</div>
</body>
</html>
<?php include "login.php" ?>
And my login.php page:
<?php
if($_POST){
if(empty($_POST['username']) && empty($_POST['password'])) {
echo 'Please enter all fields';
}else {
$username = $_POST['username'];
$password = $_POST['password'];
if($password !== $password){
echo 'Your password is wrong';
}else {
$db_name =
$db_user =
$db_pass =
$conn = new PDO('mysql:host=localhost;dbname=XXXXX', 'XXXXX', 'XXXXX', // My bd details have been removed for this post, for security issues obviously
array( PDO::ATTR_PERSISTENT => true )
);
$stmt = $conn->prepare("SELECT username,password from members WHERE username = ? AND password = ?");
$stmt = $conn->prepare("SELECT username,password FROM users WHERE username = ? AND password = ?");
$stmt->execute(array($username, $password));
if($stmt->rowCount() === 1 )
{
$_SESSION['name']= $username;
echo 'Welcome back '. $_SESSION['name'];
//echo '<META HTTP-EQUIV="Refresh" Content="0; URL=usercp.php">';
}else {
echo 'Username or Password incorrect.';
}
}
}
}
?>
So, when I originally log in it shows the $_SESSION['name'];
just fine, but when I move page and go back to it, it no longer shows it. (My other pages also have session_start(); ) My original assumption was that my code was wrong, or that my php.ini file wasn't saving any data. What is going wrong here?
You need to add session_start() on your login.php too
The reason it no longer shows is because when you go to another page, you aren't processing that block of code anymore. Because $_POST is empty on a regular page load, so you aren't echoing anything out. Try adding, var_dump($_SESSION); at the top of your page and then load something.
Try this right after your session_start();,
if(!empty($_SESSION['name'])) {
echo "Hello {$_SESSION['name']}";
}
Perhaps you're destroying the session somewhere in the script.

phpBB sessions do not carry from page to page

I have a website (located in the root directory) with a forum located in ./forum/
I have successfully integrated phpBB's sessions into the index of my website using the following codes:
In my index page before <html>:
<?php include_once("include/phpbb.php");
// check for logout request
$cp = $_GET['cp'];
// is it a logout? then kill the session!
if ($cp == "logout") {
$user->session_kill();
$user->session_begin();
echo "Successfully Logged Out.";
}
?>
phpbb.php:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>
Displaying the information - this is in header.php which is included in my index:
<?php
// Page login notice
if ($user->data['user_id'] == ANONYMOUS)
{
?>
<img src="forum/images/avatars/gallery/noavatar.png" style="float:left; width:72px; height:72px;">
<div class="login">
<form method="POST" action="forum/ucp.php?mode=login">
<ul><li><span>Username:</span> <input class="loginfield" type="text" name="username" size="20"></li>
<li><span>Password:</span> <input class="loginfield" type="password" name="password" size="20"></li>
<li>Remember Me? <input type="checkbox" name="autologin"> Register</li>
<li><input type="submit" value="Login" name="login"></li>
</ul>
<input type="hidden" name="redirect" value="../index2.php">
</form>
</div>
<?php
} else { ?>
<img src="forum/images/avatars/gallery/<?php echo $user->data['user_avatar']; ?>" style="float:left; width:72px; height:72px;">
<div class="login">
Welcome back, <?php echo $user->data['username_clean']; ?><br>
You have <?php echo $user->data['user_unread_privmsg']; ?> new messages<br>
Log Out
</div>
<?php } ?>
I can successfully log in on the index using the form I created, but if I then click to another page (i.e. about.php) I am asked to log in again. This happens for every page. This also happens if I click over to the phpbb forum.
Is there any way to make it so I can log in on any page, and not have the session restart when browsing other pages?
Thank you for any help!
Check the cookie path in your board configuration in the phpBB ACP. phpBB by default tries to create restrictive cookies with the board root specified as the cookie path.
If the cookie path is /forum/, sessions won't persist in /.

Embed wordpress registration into homepage

I am trying to embed the wordpress registration into the homepage. I already created a custom register page, the problem is that it is calling to the header information and I get this error, when I include it with php include.
Warning: Cannot modify header information - headers already sent
Is there a way I can use my code but alter it somehow/work with it somehow, so that the registration form is fully embedded/works in the page using ajax, but that it works. I am not brilliant with Php so please excuse if this is a silly question:
Current register code(works in its own page but not when included in the homepage template)
<?php
require_once(ABSPATH . WPINC . '/registration.php');
global $wpdb, $user_ID;
//Check whether the user is already logged in
if (!$user_ID) {
if($_POST){
//We shall SQL escape all inputs
$username = $wpdb->escape($_POST['username']);
if(empty($username)) {
echo "User name should not be empty.";
exit();
}
$email = $wpdb->escape($_POST['email']);
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/", $email)) {
echo "Please enter a valid email.";
exit();
}
$random_password = wp_generate_password( 12, false );
$status = wp_create_user( $username, $random_password, $email );
if ( is_wp_error($status) )
echo "Username already exists. Please try another one.";
else {
$from = get_option('admin_email');
$headers = 'From: '.$from . "\r\n";
$subject = "Registration successful";
$msg = "Registration successful.\nYour login details\nUsername: $username\nPassword: $random_password";
wp_mail( $email, $subject, $msg, $headers );
echo "Please check your email for login details.";
}
exit();
} else {
echo "";
?>
<!-- <script src="http://code.jquery.com/jquery-1.4.4.js"></script> --> <!-- Remove the comments if you are not using jQuery already in your theme -->
<?php
if(get_option('users_can_register')) { //Check whether user registration is enabled by the administrator
?>
<h1><?php the_title(); ?></h1>
<br /><br />
<div id="result"></div> <!-- To hold validation results -->
<form id="wp_signup_form" action="" method="post">
<label><p>Username:</p></label>
<input type="text" name="username" class="text" value="" />
<br /><br />
<label><p>Email address:</p></label>
<input type="text" name="email" class="text" value="" /> <br />
<br />
<input type="submit" id="submitbtn" class="Buttons" name="submit" value="Register" />
<br />
<br />
</form>
<script type="text/javascript">
$("#submitbtn").click(function() {
$('#result').html('<img src="<?php bloginfo('template_url'); ?>/images/loader.gif" class="loader" />').fadeIn();
var input_data = $('#wp_signup_form').serialize();
$.ajax({
type: "POST",
url: "<?php echo "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; ?>",
data: input_data,
success: function(msg){
$('.loader').remove();
$('<div>').html(msg).appendTo('div#result').hide().fadeIn('slow');
}
});
return false;
});
</script>
<?php
}
else echo "Registration is currently disabled. Please try again later.";
?>
</div>
</div>
<?php
echo "";
} //end of if($_post)
}
else {
wp_redirect( home_url() ); exit;
}
?>
is not safe to use a custom method for registration and mailing.
so i suggest to look at this http://digwp.com/2010/12/login-register-password-code/
i hope that's what you want.
best regard.
As webfan suggests, it isn't a good idea to reproduce the registration functionality on the homepage. Much better would be to simply cut and paste the login form from the registration page and keep the form action pointed to the registration page:
<form method="post" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>">
<!-- registration form HTML goes here -->
</form>

Resources