1

I am extremely new to php, and I'm trying to create a user profile to display information from the database. My problem is that I keep getting "you need to specify a username!" which is from the echo of my if statement.

Could you point out to me why it isn't showing the username?

Below is my code for the profile.

<?php
    //check for a form submission
    if (isset($_GET['username'])){
        $username = $_GET['username'];
        $q = "SELECT * FROM student WHERE username = '$username'";
        $r = mysqli_query($dbc, $q);

        if(mysqli_num_rows($r) == 1) {

            die ("that user name could not be found!");
        }
        while($row = mysqli_fetch_array($r, MYSQLI_ASSOC)){
            $firstname = $row['firstname'];
            $lastname = $row['lastname'];
            $age = $row['age'];
        }
?>
<?php
        } else die ("you need to specify a username!");
?>

Below is the login

<?php 

# Database Connetion:
include('config/setup.php');  


# Loggin authentication
if($_POST) {

    $q = "SELECT * FROM student WHERE username = '$_POST[user]' AND password = SHA1('$_POST[password]')";
    $r = mysqli_query($dbc, $q);


    if( mysqli_num_rows($r) == 1) {

        $_SESSION['username'] = $_POST['user'];
        header('Location: profile.php');

    }


}

 ?>

Below is my database connection and session start 

<?php
//Setup File:

#Start Session:
session_start();

# Database Connection Here...
$dbc = mysqli_connect('localhost', 'dev', 'dev123', 'mvt') OR die ('Could not connect because: '.mysqli_connect_error());



?>

I set the session start in the connection file and called it using the include function below.

<?php include('config/setup.php'); ?>

Sorry if my code is messy, I am new to PHP and I'm still trying to grasp it.

<title><?php echo $page_title.' | '.$site_title; ?> </title>
<meta name="viewport" content="width=device-width, initial-scale=1">

<?php include('config/css.php'); ?>
<?php include('config/js.php'); ?>


  <div class="container">


  <div class="masthead">
    <h3 class="text-muted"></h3>
    <nav>
      <ul class="nav nav-justified">
        <li class="active"><a href="index.php">Home</a></li>
        <li><a href="#">Projects</a></li>
        <li><a href="#">Services</a></li>
        <li><a href="#">Downloads</a></li>
        <li><a href="#">About</a></li>
        <li><a href="#">Contact</a></li>
      </ul>
    </nav>
  </div>

    </div>



  <div class="container">

        <div class="row">


            <div class="col-md-4 col-md-offset-4">

                    <div class="panel panel-info">

                    <div class="panel-heading">
                        <strong>Login</strong> 
                    </div><!-- END Pannel heading -->


                        <div class="panel-body"> 



                            <form action="login.php" method="post">

                              <div class="form-group">
                                <label for="user">UserName</label>
                                <input type="text" class="form-control" id="user" name="user" placeholder="UserName">
                              </div>


                              <div class="form-group">
                                <label for="password">Password</label>
                                <input type="password" class="form-control" id="password" name="password" placeholder="Password">
                              </div>

                             <!--
                              <div class="checkbox">
                                <label>
                                  <input type="checkbox"> Check me out
                                </label>
                              </div>
                              --> 

                              <button type="submit" class="btn btn-default">Login</button>
                              <a href="registration.php">register</a>
                            </form> <!-- END of form -->

                        </div> <!-- END of pannel body -->

            </div><!-- END of Column -->

        </div><!-- END of ROW -->

        </div> <!-- END of container -->





<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<script src="../../assets/js/ie10-viewport-bug-workaround.js"></script>

J.forrest
  • 11
  • 2
  • No idea, since we don't know what's above `if(mysqli_num_rows($r) == 1)` - Best guess; your query failed and you need to find out why. – Funk Forty Niner Sep 17 '15 at 22:04
  • when you say you don't know what is above `if(mysqli_num_rows($r) == 1)` what do you mean exactly? That is all of my login code, i see i forgot to put the opening php tag but other than that, its all ive got for the login. – J.forrest Sep 18 '15 at 03:17
  • Ok never mind. I noticed you didn't properly indent your code, I edited it. Question is, where is `$_GET['username']` coming from and `$_POST[user]` etc? you didn't show us the form for it too. – Funk Forty Niner Sep 18 '15 at 11:54
  • There are too many unknowns. One, if a user was successfully created and using SHA1 (which I suggest you don't use for a live site) and if your form doesn't contain any errors or missing a few things. I won't be able to supply you with a solution; not with what you have provided and "not" provided. Check for errors on both PHP and your query, good luck. – Funk Forty Niner Sep 18 '15 at 12:44
  • Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Sep 18 '15 at 12:46
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Sep 18 '15 at 12:47
  • You really shouldn't use your own methods for password hashes and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Sep 18 '15 at 12:47
  • alright thanks for the advice, I pasted the forms for you, hopefully it helps, ill go try to do what was suggested. – J.forrest Sep 18 '15 at 18:27

1 Answers1

0

header('Location: profile.php') is redirecting your browser - so profile.php is being executed independently of the rest of your code. Change it to include('profile.php') instead

Ragdata
  • 1,156
  • 7
  • 16
  • I did what you said, i had to take the start_session() out of my config file, because it says a session was already started, but im still having the same issue with the } else die ("you need to specify a username!"); as that is all i am getting. Question though, is the include supposed to redirect me to profile.php, because it isnt, the url says "http://localhost/adrian/login.php" although i see the echo. and thanks ill keep trying to figure out my problem. – J.forrest Sep 18 '15 at 03:14