0

I have a user login page and a PHP script to check the login credentials with data stored in a database. Everything works fine; I just tried adding a msg box styled with CSS containing the text "wrong email" if the login details didn't match the data in the database, and it will automatically return to the login page.

Unfortunately, the msg is not being echoed and it is returning to the login page.

My PHP code goes like this:

<style>
.alert {
    padding: 20px;
    background-color: #f44336;
    color: white;
}

.closebtn {
    margin-left: 15px;
    color: white;
    font-weight: bold;
    float: right;
    font-size: 22px;
    line-height: 20px;
    cursor: pointer;
    transition: 0.3s;
}

.closebtn:hover {
    color: black;
}
</style>

<?php
    //15 2 2015
    session_start();
    // On a failed connect $Cser is not a usable link, so report via mysqli_connect_error()
    $Cser = mysqli_connect("localhost","root","*****","database") or die("Server connection failed : ".mysqli_connect_error());
    $email = $_REQUEST["email"];
    $password = $_REQUEST["password"];


    $s = "select * from fuser where email='".$email."' and password = '".$password."'";

    $result = mysqli_query($Cser,$s);

    $count = mysqli_num_rows($result);

    if($count>0)
    {
        $_SESSION["username"] = $username; // note: $username is never assigned in this script
        $_SESSION["login"]="1";
        header("location:../home.php");
    }
    else
    {
        echo '<div class="alert">';
        echo '<span class="closebtn" onclick="this.parentElement.style.display=\'none\';">&times;</span>';
        echo '<strong>Danger!</strong> wrong email id';
        echo '</div>';
        header("location:sign.php");
    }
?>

My sign.php code is as follows:

<!DOCTYPE html>
<html >

<?php
    $servername = "localhost";
    $username = "root";
    $password = "*******";
    $dbname = "database";
    $conn = new mysqli($servername, $username, $password, $dbname);


?>

  <head>
    <meta charset="UTF-8">
    <title>title</title>
    <script src="http://s.codepen.io/assets/libs/modernizr.js" type="text/javascript"></script>

<link href='http://fonts.googleapis.com/css?family=PT+Sans:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://s3-us-west-2.amazonaws.com/s.cdpn.io/148866/reset.css">

    <link rel="stylesheet" href="css/reset.css">
    <link rel="stylesheet" href="css/style.css">
  </head>
    <body>
    <header role="banner">

        <nav class="main-nav">
            <ul>
                <!-- insert more links here -->

                <li><a class="cd-signin" href="#0">Sign In</a></li>
                <li><a class="cd-signup" href="#0">Sign Up</a></li>
            </ul>
        </nav>
    </header>
    <label class="thought">
        <p> find your passion, <br><br> make it as your profession </p>
    </label>
    <div class="cd-user-modal"> <!-- this is the entire modal form, including the background -->
        <div class="cd-user-modal-container"> <!-- this is the container wrapper -->
            <ul class="cd-switcher">
                <li><a href="#0">Sign In</a></li>
                <li><a href="#0">Sign Up</a></li>
            </ul>

            <div id="cd-login"> <!-- log in form -->
                <form class="cd-form" action="logincheck.php" method="post">
                    <p class="fieldset">
                        <label class="image-replace cd-email" for="signin-email">E-mail</label>
                        <input class="full-width has-padding has-border" name="email" id="signin-email" type="text" placeholder="E-mail" required autocomplete="off">
                        <span class="cd-error-message">Error message here!</span>
                    </p>

                    <p class="fieldset">
                        <label class="image-replace cd-password" for="signin-password">Password</label>
                        <input class="full-width has-padding has-border" name="password" id="signin-password" type="text"  placeholder="Password" required autocomplete="off">
                        <a href="#0" class="hide-password">Hide</a>
                        <span class="cd-error-message">Error message here!</span>
                    </p>

                    <p class="fieldset">
                        <input type="checkbox" id="remember-me">
                        <label for="remember-me">Remember me</label>
                    </p>

                    <button class="button button-block" type="submit" > Sign In </button>
                </form>

                <p class="cd-form-bottom-message"><a href="#0">Forgot your password?</a></p>
                <!-- <a href="#0" class="cd-close-form">Close</a> -->
            </div> <!-- cd-login -->

            <div id="cd-signup"> <!-- sign up form -->
                <form class="cd-form" action="register.php" method="post" >
                    <p class="fieldset">
                        <label class="image-replace cd-username"  for="signup-username">Profile Name</label>
                        <input class="full-width has-padding has-border" name="name" id="signup-username" type="text" placeholder="Type your Name" required autocomplete="off">
                        <span class="cd-error-message">Error message here!</span>
                    </p>

                    <p class="fieldset">
                        <label class="image-replace cd-email"  for="signup-email">E-mail</label>
                        <input class="full-width has-padding has-border" name="email" id="email" type="text"  placeholder="example@mail.com" required autocomplete="off" onkeyup="checkemail();">
                        <span class="cd-error-message" id="result"></span>
                    </p>
                    <label id="title" class="dropdown"><font face="verdana">&nbsp;&nbsp;Select any three streams that your skills suits the best:    </font><br><br>
                        <select id="job" name="category1" required>
                          <option value="Engineering"><font face="verdana">Engineering</font></option>
                          <option value="Medical"><font face="verdana">Medical</font></option>
                          <option value="Programming"><font face="verdana">Programming</font></option>
                          <option value="Business"><font face="verdana">Business</font></option>
                          <option value="Admin"><font face="verdana">Admin</font></option>
                          <option value="Other"><font face="verdana">Other</font></option>
                        </select>
                        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                        <select id="job" name="category2" required>
                          <option value="Engineering"><font face="verdana">Engineering</font></option>
                          <option value="Medical"><font face="verdana">Medical</font></option>
                          <option value="Programming"><font face="verdana">Programming</font></option>
                          <option value="Business"><font face="verdana">Business</font></option>
                          <option value="Admin"><font face="verdana">Admin</font></option>
                          <option value="Other"><font face="verdana">Other</font></option>
                        </select>
                        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                        <select id="job" name="category3" required>
                          <option value="Engineering"><font face="verdana">Engineering</font></option>
                          <option value="Medical"><font face="verdana">Medical</font></option>
                          <option value="Programming"><font face="verdana">Programming</font></option>
                          <option value="Business"><font face="verdana">Business</font></option>
                          <option value="Admin"><font face="verdana">Admin</font></option>
                          <option value="Other"><font face="verdana">Other</font></option>
                        </select>
                    </label>
                    <p class="fieldset">
                        <label class="image-replace cd-password"  for="signup-password">Password</label>
                        <input class="full-width has-padding has-border" name="password" id="signup-password" type="text"  placeholder="Password" required autocomplete="off">
                        <a href="#0" class="hide-password">Hide</a>
                        <span class="cd-error-message">Error message here!</span>
                    </p>

                    <p class="fieldset">
                        <input type="checkbox" id="accept-terms" required>
                        <label for="accept-terms">I agree to the <a href="#">Terms</a></label>
                    </p>


                        <button class="button button-block" type="submit" > Create an Account </button>

                </form>

                <!-- <a href="#0" class="cd-close-form">Close</a> -->
            </div> <!-- cd-signup -->

            <div id="cd-reset-password"> <!-- reset password form -->
                <p class="cd-form-message">Lost your password? Please enter your email address. You will receive a link to create a new password.</p>

                <form class="cd-form">
                    <p class="fieldset">
                        <label class="image-replace cd-email" for="reset-email">E-mail</label>
                        <input class="full-width has-padding has-border" id="reset-email" type="email" placeholder="E-mail" autocomplete="off" required>
                        <span class="cd-error-message">Error message here!</span>
                    </p>

                    <p class="fieldset">
                        <input class="full-width has-padding" type="submit" value="Reset password">
                    </p>
                </form>

                <p class="cd-form-bottom-message"><a href="#">Back to log-in</a></p>
            </div> <!-- cd-reset-password -->
            <a href="#" class="cd-close-form">Close</a>
        </div> <!-- cd-user-modal-container -->
    </div> <!-- cd-user-modal -->

    <script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>

        <script src="js/index.js"></script>
  </body>
</html>

Any help is greatly appreciated..

harishk
  • 418
  • 5
  • 21
  • 1
    Don't store your passwords in plain text. [Hash them](http://php.net/password_hash). – Mike Sep 24 '16 at 06:13
  • noted.......... – harishk Sep 24 '16 at 06:15
  • 1
    Not an exact duplicate, but: http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php/8028979#8028979 – Mike Sep 24 '16 at 06:15
  • `header()` needs to be used as the first command; nothing should be echoed or displayed before it, otherwise it will not work. So you need to redirect immediately and put a message on the `sign` screen, or you can change the redirect into a link in the code you have now – RST Sep 24 '16 at 06:27
  • Why don't you explain to us what it exactly is that you're trying to achieve? Do you want the error message to display on the website and then after a few seconds it redirects to the login page? Do you want something like a Javascript alert where it warns the user the login details were incorrect and after pressing Ok it redirects to login? – icecub Sep 24 '16 at 06:35
  • No, not JavaScript. When the user presses the login button with wrong details, it should redirect to the sign page, then it should show a msg box with the error msg. – harishk Sep 24 '16 at 06:37
  • It seems to me that you're using some kind of html template and are trying to write your own login script to it. I'm afraid it's so full of problems (it would take me less than a minute to hack into any account or even completely wipe your entire database) that I have to say those problems must be solved first in order to achieve what you want. – icecub Sep 24 '16 at 07:00
  • How is it possible? Am I that exposed? – harishk Sep 24 '16 at 07:18
  • Yes you are. It's called SQL Injection. Since you're using POST data directly into your query, I could for example type a password like this: `pass' OR '1' = '1`. Now your script will check if pass is the correct password, which is false, but 1 is equal to 1, which is true, so allow access. – icecub Sep 24 '16 at 07:21
  • You can prevent this with Prepared Statements. Which isn't really complicated to learn, but definitely not easy for a beginner. Also you need to start hashing passwords. Many users will use the same password on your website as they use for other stuff. Like their email or perhaps even their bank accounts. You don't want that to fall in the wrong hands. Not to mention that any court will find you liable for damages if your database gets hacked because you didn't provide sufficient protection to privacy sensitive data. – icecub Sep 24 '16 at 07:29
  • thanks man.. will do – harishk Sep 24 '16 at 07:32
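
The contrast icecub's comments describe, as an added example that is not part of the original thread: the question's concatenated query next to a prepared statement with `password_verify()`, run against constructed data. PDO with an in-memory SQLite database stands in for the MySQL connection (an assumption, so the script runs offline); the names `login_concat` and `login_prepared`, the `password_hash` column and the sample account are hypothetical.

```php
<?php
// Added example. Constructed data; in-memory SQLite (PDO) stands in for the
// page's MySQL database so the script runs offline with `php example.php`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// `password` (plain text) exists only to reproduce the question's query;
// `password_hash` is the column a login table should store instead.
$db->exec('CREATE TABLE fuser (email TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO fuser VALUES (?, ?, ?)')->execute([
    'alice@example.com',
    'correct-horse',
    password_hash('correct-horse', PASSWORD_DEFAULT),
]);

// The question's pattern: request values concatenated into the SQL text.
function login_concat(PDO $db, string $email, string $password): bool
{
    $s = "select * from fuser where email='" . $email
       . "' and password = '" . $password . "'";
    return $db->query($s)->fetch() !== false;
}

// Hardened: the e-mail is a bound parameter, and the password never reaches
// the SQL at all; it is checked against the stored hash in PHP.
function login_prepared(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM fuser WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Inputs: a valid login, a wrong password, and the string quoted in the comment above.
$cases = [
    ['alice@example.com', 'correct-horse'],
    ['alice@example.com', 'wrong'],
    ['alice@example.com', "pass' OR '1' = '1"],
    ['nobody@example.com', "pass' OR '1' = '1"],
];
foreach ($cases as [$email, $password]) {
    printf(
        "%-20s %-20s concat=%-5s prepared=%s\n",
        $email,
        $password,
        var_export(login_concat($db, $email, $password), true),
        var_export(login_prepared($db, $email, $password), true)
    );
}
```

With mysqli the same shape is `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`.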

2 Answers

0

Remove the redirection code from the else condition; PHP will redirect without echoing/displaying anything on-screen.

 ... else
{
    echo '<div class="alert">';
    echo '<span class="closebtn" onclick="this.parentElement.style.display=\'none\';">&times;</span>';
    echo '<strong>Danger!</strong> wrong email id';
    echo '</div>';
}
GeekBot
  • 1
  • 1
  • 1
    No, it didn't return to the sign-in page. It just showed the error page in a blank page, where the address says the logincheck.php – harishk Sep 24 '16 at 06:17
  • @harishk Do you have any redirect function elsewhere? – GeekBot Sep 24 '16 at 06:21
  • You may need to share some part of your `sign.php` file, everything seems okay with your script. The redirection could be coming from there and also consider removing the style code from the page and loading it after your PHP code @harishk – GeekBot Sep 24 '16 at 06:24
  • dude, script posted, please take a look – harishk Sep 24 '16 at 06:38
0

To keep your code you need to remove the header() redirect and either put a link on the bottom of the error message or use a META tag for redirect.

The code below will redirect after 10 seconds, so the user can read your error message:

 ... else
{
    echo '<div class="alert">';
    echo '<span class="closebtn" onclick="this.parentElement.style.display=\'none\';">&times;</span>';
    echo '<strong>Danger!</strong> wrong email id';
    echo '</div>';
    echo '<meta http-equiv="refresh" content="10;url=sign.php">';
}

or, with a link

 ... else
{
    echo '<div class="alert">';
    echo '<span class="closebtn" onclick="this.parentElement.style.display=\'none\';">&times;</span>';
    echo '<strong>Danger!</strong> wrong email id';
    echo '</div>';
    echo '<a href="sign.php">go back to login page</a>';
}
moni_dragu
  • 1,163
  • 9
  • 16
  • Can we make that error msg appear on the same sign-in page? I mean, when the user logs in with wrong details, he will be redirected to the sign-in page where he sees the error msg on the top... @moni_dragu – harishk Sep 24 '16 at 07:54
  • @harishk You should stop asking people to make your error messages appear on the login page. It's simply too much to explain in an answer. The login page would have to become one with the login check code in order to achieve what you want. Or you will have to send the error messages back to the login page somehow. It's not something that can be done or explained to you in a few words. It simply means half your code must be rewritten. – icecub Sep 24 '16 at 08:06
  • @harishk Here: http://pastebin.com/zDZz0zVG That is an example on how you do it. Save that code in a `test.php` file and try it out. After that, good luck rewriting your code to do the same. – icecub Sep 24 '16 at 08:15
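
One way to get the behaviour asked for in the comments above, as an added example (it is not the pastebin code and not from either answer): the check stores the error in the session, redirects before producing any output, and the form page shows the message once. The file name `login_demo.php`, the `flash_error` key, `post_string()` and the hard-coded account are assumptions standing in for the database lookup.

```php
<?php
// login_demo.php (hypothetical name): added example, try with `php -S localhost:8000`.
// Constructed stand-in for the database lookup; a real script would fetch the
// hash for the submitted e-mail with a prepared statement.
session_start();
const DEMO_EMAIL = 'alice@example.com';
$demoHash = password_hash('correct-horse', PASSWORD_DEFAULT);
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';   // ignore email[]=... style input
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = post_string('email') === DEMO_EMAIL
        && password_verify(post_string('password'), $demoHash);
    if ($ok) {
        session_regenerate_id(true);           // new session id after login
        $_SESSION['login'] = '1';
        $_SESSION['username'] = DEMO_EMAIL;
    } else {
        // Store the message for the next request instead of echoing it here.
        $_SESSION['flash_error'] = 'Wrong e-mail or password';
    }
    // Redirect before any output, then stop so nothing is sent after it.
    header('Location: login_demo.php', true, 303);
    exit;
}

// GET: take the message out of the session so it is shown only once.
$error = $_SESSION['flash_error'] ?? null;
unset($_SESSION['flash_error']);
$esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<title>Sign in</title>
<style>.alert { padding: 20px; background-color: #f44336; color: white; }</style>
<?php if ($error !== null): ?>
  <div class="alert"><strong>Danger!</strong> <?= $esc($error) ?></div>
<?php endif; ?>
<?php if (($_SESSION['login'] ?? '') === '1'): ?>
  <p>Signed in as <?= $esc($_SESSION['username']) ?></p>
<?php else: ?>
  <form method="post" action="login_demo.php">
    <input name="email" type="text" placeholder="E-mail" required>
    <input name="password" type="password" placeholder="Password" required>
    <button type="submit">Sign In</button>
  </form>
<?php endif; ?>
```

The message text is the same whether the e-mail or the password was wrong, so the form does not reveal which accounts exist.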