Jump to content
Please Use CODE Tags

PHP Login Form Problem

CripDawg
By CripDawg
in Programming
 Share
Posted

does anyone know what is wrong with my code i think it may have something to do with my brackets my login screen is no longer appearing i just get a blank page  thanks in advance :)

 

<?phperror_reporting (E_ALL ^ E_NOTICE);session_start ();?> <html xmlns="http://www.w3.org/1999/xhtml"><head>     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />     <title>Login</title></head><body>   <?php      $form = "<form action='./login.php' method='post'>   <table>   <tr>      <td>Username:</td>   <td><input type='text' name='user' /></td>      </tr>   <tr>        <td>Password:</td>   <td><input type='password' name='password' /></td>      </tr>   <tr>         <td></td>   <td><input type='submit' name='loginbtn' value='Login' /></td>     </tr>   <table>      </form";      if ($_POST['loginbtn']){    $user = $_POST['user'];    $password = $_POST ['password'];    if ($user){if ($password){require("connect.php"); $password = md5(md5("yjtfjtfjj".$password."xjtfjtfjj")); echo "$password";  $query = mysql_query("SELECT * FROM users WHERE username='$user'");$numrows = msql_num_rows($query);if ($numrows == 1){$row = msql_fetch_assoc($query); $dbid = $row['id'];$dbuser = $row['username'];$dbpass = $row['password'];$dbactive = $row['active']; if ($password == $dbpass){if dbactive == 1) {$_SESSION['userid'] = $dbid;$_SESSION['username'] = $dbuser; echo "you have been logged in as <b>$dbuser</b> <a href 'members.php'> Click here</a> to go to the Members page";}else echo "you must activate your account to login $form";}else echo "incorrect password $form";  }else echo "Incorrect username. $form";      mysql_close();     }     else      echo "You must enter your password. $form";               }           else                echo "You must enter your username. $form";       }    else       echo $form;    ?></html>
Link to comment
Share on other sites
Link to post
Share on other sites
Posted

 

does anyone know what is wrong with my code i think it may have something to do with my brackets my login screen is no longer appearing i just get a blank page  thanks in advance :)

<?phperror_reporting (E_ALL ^ E_NOTICE);session_start ();?> <html xmlns="http://www.w3.org/1999/xhtml"><head>     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />     <title>Login</title></head><body>   <?php      $form = "<form action='./login.php' method='post'>   <table>   <tr>      <td>Username:</td>   <td><input type='text' name='user' /></td>      </tr>   <tr>        <td>Password:</td>   <td><input type='password' name='password' /></td>      </tr>   <tr>         <td></td>   <td><input type='submit' name='loginbtn' value='Login' /></td>     </tr>   <table>      </form>";      if ($_POST['loginbtn']){    $user = $_POST['user'];    $password = $_POST ['password'];    if ($user){if ($password){require("connect.php"); $password = md5(md5("yjtfjtfjj".$password."xjtfjtfjj")); echo "$password";  $query = mysql_query("SELECT * FROM users WHERE username='$user'");$numrows = msql_num_rows($query);if ($numrows == 1){$row = msql_fetch_assoc($query); $dbid = $row['id'];$dbuser = $row['username'];$dbpass = $row['password'];$dbactive = $row['active']; if ($password == $dbpass){if dbactive == 1) {$_SESSION['userid'] = $dbid;$_SESSION['username'] = $dbuser; echo "you have been logged in as <b>$dbuser</b> <a href 'members.php'> Click here</a> to go to the Members page";}else echo "you must activate your account to login $form";}else echo "incorrect password $form";  }else echo "Incorrect username. $form";      mysql_close();     }     else      echo "You must enter your password. $form";               }           else                echo "You must enter your username. $form";       }    else       echo $form;    ?></html>

Try this. I edited and fixed a mistake you made with the form and not properly(?) ending the form tag.

Mid-range Emulation Gaming and Video Rendering PC

[CPU] i7 4790k 4.7GHz & 1.233v Delidded w/ CLU & vice method [Cooling] Corsair H100i [Mobo] Asus Z97-A [GPU] MSI GTX 1070 SeaHawk X[RAM] G.Skill TridentX 2400 9-11-11-30 CR1 [PSU] Corsair 750M 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

gg my nested if statement experience.

 

This is really hard to read. I would try to find a way to combine some of those conditions, and try to indent things consistently. It will make it easier to debug your own code.

if (!empty($user) && !empty($password) {  // bejf}

Lots of security issues here as well; you should sanitize all database input and limit the number of results from the user table query to 1, to avoid an attacker being able to get the entire contents of that table.

Audio ReferenceCutting the Crap7.1 Headphones?Audio Interference Troubleshooting Guide
REVIEWSHiFiMan HE-560Beyerdynamic T1 2. GenerationSchiit Bifrost 4490Schiit Valhalla 2
RECOMMENDATIONS • The Audio Board's Recommended Gear

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Try this. I edited and fixed a mistake you made with the form and not properly(?) ending the form tag.

i tried using this but it didnt work if it helps im using this youtube tutorial 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

i tried using this but it didnt work if it helps im using this youtube tutorial 

There are bazallion issues, including syntax. You need to post more info other than "its not working", post the exact error you get.

 

P.S: My first post here :P

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

Link to comment
Share on other sites
Link to post
Share on other sites
Posted 
$user = $_POST['user'];/* etc */ $query = mysql_query("SELECT * FROM users WHERE username='$user'"); 

Dat gaping SQL injection hole

Link to comment
Share on other sites
Link to post
Share on other sites
Posted 
$user = $_POST['user'];/* etc */ $query = mysql_query("SELECT * FROM users WHERE username='$user'"); 

Dat gaping SQL injection hole

 

Haha yea, working on fixing/refactoring up his code a little.

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

Link to comment
Share on other sites
Link to post
Share on other sites
Posted 
<?php // login.phperror_reporting (E_ALL ^ E_NOTICE);session_start();if(isset($_POST['loginbtn'])) {	$message  = $success = '';	$user     = mysqli_real_escape_string(trim($_POST['user']));	$password = mysqli_real_escape_string($_POST['password']);	if(!$user)	{		$message  .= "You must enter your username.<br />";	}	if(!$password)	{		$message  .= "You must enter your password.<br />";	}	require("connect.php"); // use http://php.net/manual/en/book.mysqli.php instead of mysql	$password = md5(md5("yjtfjtfjj".$password."xjtfjtfjj"));	//echo "$password"; // debugging like a champ	$query   = mysqli_query("SELECT * FROM users WHERE username='$user'");	$numrows = mysqli_num_rows($query);	if($numrows != 1)	{		$message .= "Incorrect username."; // Its better not to give hint about what was wrong, just show them generic message that the login is invalid	}	else	{		$row      = mysqli_fetch_assoc($query); 		$dbid     = $row['id'];		$dbuser   = $row['username'];		$dbpass   = $row['password'];		$dbactive = (int)$row['active'];		if($password === $dbpass)		{			if($dbactive === 1)			{				$_SESSION['userid']   = $dbid;				$_SESSION['username'] = $dbuser;				$success = "you have been logged in as <b>$dbuser</b> <a href 'members.php'> Click here</a> to go to the Members page";			}			else			{				$message .= "you must activate your account to login";			}		}		else 		{			$message .= "incorrect password";		}	}	mysqli_close();}?><html xmlns="http://www.w3.org/1999/xhtml"><head>	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />	<title>Login</title></head><body>	<?php	if(!empty($success))	{		echo $success;	}	else	{		echo $message	?>	<form action='login.php' method='post'>		<table>			<tr>				<td>Username:</td>				<td><input type='text' name='user' /></td>			</tr>			<tr>				<td>Password:</td>				<td><input type='password' name='password' /></td>			</tr>			<tr>				<td></td>				<td><input type='submit' name='loginbtn' value='Login' /></td>			</tr>		<table>   	</form>	<?php	}	?></body></html>

I have refactored this code and added some security tho I have not tested this, look through it and google anything you don't know about because you should.

Happy Learning ;)

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
<?php // login.phperror_reporting (E_ALL ^ E_NOTICE);session_start();if(isset($_POST['loginbtn'])) {	$message  = $success = '';	$user     = mysqli_real_escape_string(trim($_POST['user']));	$password = mysqli_real_escape_string($_POST['password']);	if(!$user)	{		$message  .= "You must enter your username.<br />";	}	if(!$password)	{		$message  .= "You must enter your password.<br />";	}	require("connect.php"); // use http://php.net/manual/en/book.mysqli.php instead of mysql	$password = md5(md5("yjtfjtfjj".$password."xjtfjtfjj"));	//echo "$password"; // debugging like a champ	$query   = mysqli_query("SELECT * FROM users WHERE username='$user'");	$numrows = mysqli_num_rows($query);	if($numrows != 1)	{		$message .= "Incorrect username."; // Its better not to give hint about what was wrong, just show them generic message that the login is invalid	}	else	{		$row      = mysqli_fetch_assoc($query); 		$dbid     = $row['id'];		$dbuser   = $row['username'];		$dbpass   = $row['password'];		$dbactive = (int)$row['active'];		if($password === $dbpass)		{			if($dbactive === 1)			{				$_SESSION['userid']   = $dbid;				$_SESSION['username'] = $dbuser;				$success = "you have been logged in as <b>$dbuser</b> <a href 'members.php'> Click here</a> to go to the Members page";			}			else			{				$message .= "you must activate your account to login";			}		}		else 		{			$message .= "incorrect password";		}	}	mysqli_close();}?><html xmlns="http://www.w3.org/1999/xhtml"><head>	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />	<title>Login</title></head><body>	<?php	if(!empty($success))	{		echo $success;	}	else	{		echo $message	?>	<form action='login.php' method='post'>		<table>			<tr>				<td>Username:</td>				<td><input type='text' name='user' /></td>			</tr>			<tr>				<td>Password:</td>				<td><input type='password' name='password' /></td>			</tr>			<tr>				<td></td>				<td><input type='submit' name='loginbtn' value='Login' /></td>			</tr>		<table>   	</form>	<?php	}	?></body></html>

I have refactored this code and added some security tho I have not tested this, look through it and google anything you don't know about because you should.

Happy Learning ;)

 

thanks dude that was heaps of help but its sill not showing anything when i press the login button could it be that there is something wrong with my connect.php file hers whats currently in it as it is what the tutorial specifies or should i change it to some sqli comand now that youve changed it. thaks for your help agin :) 

 

 

mysql_connect("localhost", "root", "toblerone")mysql_select_db("users");
Link to comment
Share on other sites
Link to post
Share on other sites
Posted

 

thanks dude that was heaps of help but its sill not showing anything when i press the login button could it be that there is something wrong with my connect.php file hers whats currently in it as it is what the tutorial specifies or should i change it to some sqli comand now that youve changed it. thaks for your help agin :)

mysql_connect("localhost", "root", "toblerone")mysql_select_db("users");

 

yea it will be replaced with mysqli, don't use mysql its deprecated and will be removed.

 

http://php.net/manual/en/mysqli.construct.php

mysqli_connect("localhost", "root", "toblerone", "users");

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

 

yea it will be replaced with mysqli, don't use mysql its deprecated and will be removed.

 

http://php.net/manual/en/mysqli.construct.php

mysqli_connect("localhost", "root", "toblerone", "users");

I'm getting these  errors PS i can see them now i have Xampp instead of using mowes portable

 

 

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10

Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 27

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28

Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 64

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I'm getting these  errors PS i can see them now i have Xampp instead of using mowes portable

 

 

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10

Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 27

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28

Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 64

 

Read the documentation: http://php.net/manual/en/mysqli.query.php

 

You're using the procedural method so you will have to pass the link identifier as first parameter.

 

assign the mysqli_connect to a variable and use that as first parameter.

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Here's one i made quite a while ago. This is procedural code, you should be able to get a good understanding of it. 

<?phpinclude 'inc/config.inc.php';echo $includes;session_start("dfhbuijdfhiufdshikfdshjku");$email = (isset($_POST['email']) ? htmlspecialchars($_POST['email']) : "");$password = (isset($_POST['password']) ? htmlspecialchars($_POST['password']) : "");function handleLogin($email, $password, $db){	global $return;	global $handle;	$email = strtolower(mysqli_real_escape_string($db, $email));	$password = hash('sha512', mysqli_real_escape_string($db, $password));	$query = mysqli_query($db, "SELECT * FROM `users` WHERE email='$email'");	$row = mysqli_fetch_assoc($query);	if($password == $row['password']):		$ip = @$_SERVER['HTTP_X_FORWARDED_FOR'];		$updateip = mysqli_query($db, "UPDATE `users` SET ip='$ip' WHERE email='$email'");		$_SESSION['email'] = $email;		$_SESSION['name'] = $row['name'];		$handle = '<div class="alert alert-dismissible alert-success"><b>Alright!</b><p>You have successfully logged in! Redirecting in 3 seconds.</p></div>		<meta http-equiv="refresh" content="3; url=index.php" />';	else:		$return = '<div class="alert alert-dismissible alert-warning"><b>Uh oh!</b><p>Invalid email/password combination.</p></div>';	endif;}$handle = '		<div class="alert alert-dismissible alert-warning"><b>Can\'t login?</b><p>We have upgraded encryption, everyone must do a password reset. Click <a href="reset.php">here</a> to do so.</p></div>			<form method="POST" action="login.php">				<input class="form-control" type="email" placeholder="example@[member='Example'].com" name="email"/>				<br/>				<input class="form-control" type="password" placeholder="password" name="password"/>				<br/>				<input style="width: 100%;" class="btn btn-success" type="submit" value="Login"/>			</form>';if(@isset($_SESSION['email'])){	$handle = '<div class="alert alert-dismissible alert-danger"><b>Uh oh!</b><p>You are already logged in and may not use this page! Redirecting.</p></div><meta http-equiv="refresh" content="3; url=index.php" />';}elseif($email && $password){	if($email !== "" && $password !== ""):		handleLogin($email, $password, $db);	else:		//impossible error but yolo		$return = '<div class="alert alert-dismissible alert-warning"><b>What the fucking shit!</b><p>An error fucking occured somehow!</p></div>';	endif;}?><html><head><title>GouldingKV's - Login</title></head><body>	<div class="well" style="max-width: 35%; margin: auto auto; margin-top: 10%;">		<center><a href="index.php"><img src="img/logo4.png"/></a></center>		<br/>			<?php				echo $handle;				if(@$return):					echo '<br/>' . $return;				endif;			?>			<p style="float: left;">Don't have an account? <a href="register.php">Register here.</a></p> <p style="float: right;">Forgot your password? <a href="reset.php">Reset it here.</a></p>			<br/>			<br>			<a href="https://fakewebsite.io/"><div class="alert alert-dismissible alert-info"><p>Need a VPS? Get one from fakewebsite.io! (Click this ad anywhere)</p></div></a>	</div></body></html>

i want to die

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Read the documentation: http://php.net/manual/en/mysqli.query.php

 

You're using the procedural method so you will have to pass the link identifier as first parameter.

 

assign the mysqli_connect to a variable and use that as first parameter.

so at the line "require (connect.php)" i replace it with   $link = mysqli_connect("localhost", "joseph.foley", "toblerone", "users"); is that correct and also dose this remove the need for connect.php altogether?

 

 sorry I'm really amateur at php i not long switched from visual basic 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

so at the line "require (connect.php)" i replace it with   $link = mysqli_connect("localhost", "joseph.foley", "toblerone", "users"); is that correct and also dose this remove the need for connect.php altogether?

 

 sorry I'm really amateur at php i not long switched from visual basic 

the point of "connect.php" is basically the same point as "config.php".

You set it in that file so you can include it in multiple files later without having to retype >mysqli_connect("localhost" etc) in every file.

 

Any var you set in a file that you're including/requiring you can use in your script later.

 

example:

 

in connect.php we have

$link = mysqli_connect("localhost", "joseph.foley", "toblerone", "users");

 

if we open up login.php and put

include 'connect.php';

 

later down the line we can use $link

 

so if you wanted to escape strings for mysql you'd do

mysqli_real_escape_string($link, $var)

i want to die

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

the point of "connect.php" is basically the same point as "config.php".

You set it in that file so you can include it in multiple files later without having to retype >mysqli_connect("localhost" etc) in every file.

 

Any var you set in a file that you're including/requiring you can use in your script later.

 

example:

 

in connect.php we have

$link = mysqli_connect("localhost", "joseph.foley", "toblerone", "users");

 

if we open up login.php and put

include 'connect.php';

 

later down the line we can use $link

 

so if you wanted to escape strings for mysql you'd do

mysqli_real_escape_string($link, $var)

so how would i fix these two lines?

 

$user     = mysqli_real_escape_string(trim($_POST['user']));$password = mysqli_real_escape_string($_POST['password']);
Link to comment
Share on other sites
Link to post
Share on other sites
Posted

 

so how would i fix these two lines?

$user     = mysqli_real_escape_string(trim($_POST['user']));$password = mysqli_real_escape_string($_POST['password']);

$user = mysqli_real_escape_string($link, $_POST['user']);

$password = mysqli_real_escape_string($link, $_POST['password']);

i want to die

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

$user = mysqli_real_escape_string($link, $_POST['user']);

$password = mysqli_real_escape_string($link, $_POST['password']);

if i change those lines to what you said the errors say it received no parameters instead of 1/2? I'm very confused sorry

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

if i change those lines to what you said the errors say it received no parameters instead of 1/2? I'm very confused sorry

paste both errors

i want to die

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

paste both errors

$user = mysqli_real_escape_string($link, $_POST['user']);$password = mysqli_real_escape_string($link, $_POST['password']);

 

Errors 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10

Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 29

Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 65

 

 

 

$user     = mysqli_real_escape_string(trim($_POST['user']));$password = mysqli_real_escape_string($_POST['password']);

 

Errors

 

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10

Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 29

Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 65

Link to comment
Share on other sites
Link to post
Share on other sites
Posted 


Errors


 


Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28


Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 29


Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 65


 




 


 


 


Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10




You will only get this error when the post data isn't set. Don't worry about it.


 


Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28


as goes, $query = mysqli_query($link, "YOUR QUERY STRING HERE");


 


 


Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 29


This will error because mysqli_query failed.


Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 65


mysqli_close($link)


 


 


Hope this helps.



			
		


		
			

	

		

		

			

	i want to die


		

	


		
	


	

	






















	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	


		
Link to post

		
			
		
		
		

		
			
Share on other sites

			

	


	

	

		
	



	




					
					
					
				

					

					
					






	

	
	

		




	

		

			Posted 
			
			
				
				
			
		

		

			

				
    
					
					
  • Author
    • 
					
					
					
					
					
				

			

			
		

	

	

	

    

	

		

			



 


 


Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10




You will only get this error when the post data isn't set. Don't worry about it.


 


Warning: mysqli_query() expects at least 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 28


as goes, $query = mysqli_query($link, "YOUR QUERY STRING HERE");


 


 


Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 29


This will error because mysqli_query failed.


Warning: mysqli_close() expects exactly 1 parameter, 0 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 65


mysqli_close($link)


 


 


Hope this helps.


 




that fixed most of it but it sill says the top two and it still won't log me in with the details i entered in the database 


 


outputs:


 


Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 9


Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /Applications/XAMPP/xamppfiles/htdocs/xampp/login.php on line 10


You must enter your username.


You must enter your password.


Incorrect username.


 


 




  <?php // login.phperror_reporting (E_ALL ^ E_NOTICE);session_start(); if(isset($_POST['loginbtn'])) {$message  = $success = ''; $user     = mysqli_real_escape_string(trim($_POST['user']));$password = mysqli_real_escape_string($_POST['password']); if(!$user){$message  .= "You must enter your username.<br />";}if(!$password){$message  .= "You must enter your password.<br />";} include("connect.php");  $password = md5(md5("yjtfjtfjj".$password."xjtfjtfjj")); //echo "$password"; // debugging like a champ $query   = mysqli_query($link, "SELECT * FROM users WHERE username='$user'");$numrows = mysqli_num_rows($query); if($numrows != 1){$message .= "Incorrect username."; // Its better not to give hint about what was wrong, just show them generic message that the login is invalid}else{$row      = mysqli_fetch_assoc($query); $dbid     = $row['id'];$dbuser   = $row['username'];$dbpass   = $row['password'];$dbactive = (int)$row['active']; if($password === $dbpass){if($dbactive === 1){$_SESSION['userid']   = $dbid;$_SESSION['username'] = $dbuser; $success = "you have been logged in as <b>$dbuser</b> <a href 'members.php'> Click here</a> to go to the Members page";}else{$message .= "you must activate your account to login";}}else {$message .= "incorrect password";}  } mysqli_close($link);}?> <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Login</title></head><body><?phpif(!empty($success)){echo $success;}else{echo $message?><form action='login.php' method='post'><table><tr><td>Username:</td><td><input type='text' name='user' /></td></tr><tr><td>Password:</td><td><input type='password' name='password' /></td></tr><tr><td></td><td><input type='submit' name='loginbtn' value='Login' /></td></tr><table>   </form><?php}?></body></html>



			
		


		
	


	

	






















	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	


		
Link to post

		
			
		
		
		

		
			
Share on other sites

			

	


	

	

		
	



	




					
					
					
				

					

					
					






	

	
	

		




	

		

			Posted 
			
			
				
				
			
		

		

			

				
    
					
					
					
					
					
				

			

			
		

	

	

	

    

	

		

			

move


include("connect.php");


to the very top of the file, just after <?php line


 


and pass $link to all mysqli functions first parameter.



			
		


		
			

	

		

		

			
01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011

		

	


		
	


	

	






















	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	


		
Link to post

		
			
		
		
		

		
			
Share on other sites

			

	


	

	

		
	



	




					
					
					
				
			
			



		

	


	

	
	
		
	

			
				
				



	
	
		

			
				
Create an account or sign in to comment

				
You need to be a member in order to leave a comment

			
	
			

				

					

						
Create an account

						
Sign up for a new account in our community. It's easy!

						
							
						
						Register a new account
					

					

						
Sign in

						
Already have an account? Sign in here.

						Sign In Now
					

				

			

		

	


			
		

	

	
		

			

				
					


    
          Share
    

    

        
        
            

            
        
    


				
				
                

                




				
			

		

	







	

		
			
				Go to topic listing
				Programming
			
		
	

	





							

						

						


	

		
		
		
			

				



	
	



			

			

		
		

	

		
	


	


					

					

				

			

			
		

		
		


	×