My form is giving me an HTTP 500 error every time I try to login in using the login page defined by login.php.
Website: http://ift.tt/2o7pij0
Try username1 and password1
Nothing appears in the console when the error occurs.
I am logging in using the login.php file which uses my MySQL credentials from config.php. I am trying to redirect to welcome.php which uses studentform.js and session.php for validation and verification. I am verifying if the username and password on the form match what is in the database. Then I am redirecting the client to a login page that checks what option was chosen in the Options section and gives back an input that either means to add/remove items from the DB or to show the current row for the students.
config.php
<?php
define('DB_SERVER', 'sampleserver');
define('DB_USERNAME', 'sampleuser');
define('DB_PASSWORD', 'samplepassword');
define('DB_DATABASE', 'sampledb');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
login.php
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM Student_Record WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
session_register("myusername");
$_SESSION['login_user'] = $myusername;
header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div style = "width:300px; border: solid 1px #333333; " align = "left">
<div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style = "margin:30px">
<form action = "" method = "post">
<label>Username:</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password:</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = "Submit"/><br />
</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</div>
</body>
</html>
studentform.js
function validate() {
var studentid = document.getElementById("studentid").value;
var name = document.getElementById("name").value;
var email = document.getElementById("email").value;
if (nameEmpty(name)) {
if (studentidEmpty(studentid)) {
if (emailEmpty(email)) {
if (digitCheck(studentid)) {
if (checkEmail(email)) {
return verify(name, studentid);
}
}
}
}
}
return false;
}
function studentidEmpty(studentid) {
if (studentid == "") {
alert("Please provide your student id!");
document.getElementById("studentid").focus();
return false;
} else {
return true;
}
}
<-- studentform.js -->
function nameEmpty(name) {
if (name == "") {
alert("Please provide your name!");
document.getElementById("name").focus();
return false;
} else {
return true;
}
}
function emailEmpty(email) {
if (email == "") {
alert("Please provide your email!");
document.getElementById("email").focus();
return false;
} else {
return true;
}
}
function digitCheck(studentid) {
var ok = studentid.search(".{8,}");
if (ok != 0) {
alert("Please provide ID with 8 digits.");
return false;
} else {
return true;
}
}
function checkEmail(email) {
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (!filter.test(email)) {
alert('Please provide a valid email address');
email.focus;
return false;
} else {
return true;
}
}
session.php
<?php
include('config.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"SELECT username from Student_Record where
username = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$login_session = $row['username'];
if(!isset($_SESSION['login_user'])){
header("location:login.php");
}
if(isset($_POST['form']))
{
$Options = $_POST['Options'];
}
switch($Options)
{
case "Transcipt":{
$name = $_POST['name'];
$sql = "SELECT * from Student_Record where fullname = '$name'";
//echo $sql;
$result=$db->query($sql);
if ($result->num_rows > 0) {
$query = "SELECT * from Student_Record where fullname = '$name'";
//You don't need a ; like you do in SQL
//$result1 = mysqli_query($conn,$query);
$result1=$conn->query($query);
echo "<br><br><table>"; // start a table tag in the HTML
while($row = $result1->fetch_assoc()){ //Creates a loop to loop
through results
echo "<tr><td>" . $row['fullname'] . "</td><td>" .
$row['Student_ID'] . "</td><td>" . $row['email'] . "</td><td>" .
$row['courses'] . "</td><td>" . $row['grades'] . "</td></tr>";
//$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
}
else{
echo "not found";
}
}
case "Register":
{
$selection = $_POST['change'];
$course = $_POST['course'];
$name = $_POST['name'];
$sql = "SELECT courses from Student_Record where fullname = '$name'";
$result = $db->query($sql);
if($selection="Add"){
$newcourses = $result + $course
$sql = "UPDATE MyGuests SET courses='$newcourses' WHERE fullname='$name'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
}
if($selection="Drop"){
$newcourses = str_replace($course,"",$result);
$sql = "UPDATE Student_Record SET courses='$newcourses' WHERE fullname='$name'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
}
if ($result->num_rows > 0) {
$query = "SELECT * from Student_Record where fullname = '$name'"; //You don't need a ; like you do in SQL
//$result1 = mysqli_query($conn,$query);
$result1=$conn->query($query);
echo "<br><br><table>"; // start a table tag in the HTML
while($row = $result1->fetch_assoc()){ //Creates a loop to loop through results
echo "<tr><td>" . $row['fullname'] . "</td><td>" . $row['Student_ID'] . "</td><td>" . $row['email'] . "</td><td>" . $row['courses'] . "</td><td>" . $row['grades'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
}
else{
echo "not found";
}
break;
}
default: {
echo("Error!");
exit();
break;
}
}
$checkQuery = "SELECT * from Student_Record WHERE
username='$_POST[fullname]'";
$userCheck = mysqli_query($db, $checkQuery);
if(!$userCheck){
echo "Invalid name";
return false;
}
$checkQuery = "SELECT * from Student_Record WHERE
Student_ID='$_POST[studentid]'";
$userCheck = mysqli_query($db, $checkQuery);
if(!$userCheck){
echo "Invalid Student ID";
return false;
}
?>
Aucun commentaire:
Enregistrer un commentaire