
After login, my site looks like this, with no navigation bar and no CSS. It should have included my header2.php file, which contains my nav bar, and my CSS should be working.

Below is my code for login.php:

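<?php

/*
 * Login handler for the form that posts `submit`, `uid` and `password`.
 *
 * Flow: reject empty input, refuse accounts whose user_activate flag is 0,
 * look the account up by user name or e-mail, verify the password hash, then
 * either count the failed attempt (and deactivate the account with a fresh
 * reactivation token once the stored counter has reached 5) or populate the
 * session and add the login reward points.
 *
 * $conn is presumably created by dbh.php and the session is presumably
 * started by header2.php -- neither file is visible here, TODO confirm.
 *
 * NOTE(review): the distinct redirect codes (login=notsignup,
 * login=passwordfailed, signup=notactivated) tell any client whether an
 * account exists and what state it is in; a single generic failure code
 * avoids that.
 * NOTE(review): the failed-attempt counter is never reset on a successful
 * login, and the deactivation can be triggered for an account by anyone who
 * knows its user name; consider per-client rate limiting as well.
 */

ob_start();

if (!isset($_POST['submit'])) {
    header("Location: /../index.php?login=error");
    exit();
} else {
    include_once __DIR__.'/dbh.php';
    include_once __DIR__.'/../header2.php';

    // Missing or non-string fields become '' so they take the "empty" branch
    // below instead of raising notices or a TypeError inside strip_tags().
    // NOTE(review): strip_tags() is not a security control here and it alters
    // passwords that contain '<'; it is kept because the signup code
    // presumably hashes the same stripped value -- verify before removing.
    $uid = (isset($_POST['uid']) && is_string($_POST['uid'])) ? strip_tags($_POST['uid']) : '';
    $pwd = (isset($_POST['password']) && is_string($_POST['password'])) ? strip_tags($_POST['password']) : '';

    $date = date("Y-m-d H:i:s");

    // NOTE(review): this timestamp update runs BEFORE authentication and is
    // keyed on whatever u_uid an already existing session holds, not on the
    // account being logged in to. It probably belongs in the success branch,
    // keyed on the authenticated row -- left in place because the intent
    // cannot be confirmed from this file.
    $sql = "UPDATE users
                     SET user_session = ?
                     WHERE user_uid = ?;
                      ";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo 'SQL statement failed';
    } else {
        mysqli_stmt_bind_param($stmt, "ss", $date, $_SESSION['u_uid']);
        mysqli_stmt_execute($stmt);

        // user_activate = 0 marks an account that is not (or no longer) activated.
        $user_activate = 0;

        if (empty($uid) || empty($pwd)) {
            echo "<meta http-equiv='refresh' content='0;url=../signup.php?signup=empty'>";
            exit();
        } else {
            // Refuse deactivated accounts. The identifier is matched against
            // user_uid AND user_email, the same way the lookup below does, so
            // the check applies whichever of the two the user typed.
            $sql = "SELECT * FROM users WHERE user_activate = ? AND (user_uid = ? OR user_email = ?);";

            $stmt = mysqli_stmt_init($conn);
            if (!mysqli_stmt_prepare($stmt, $sql)) {
                echo 'SQL statement failed';
            } else {
                mysqli_stmt_bind_param($stmt, "iss", $user_activate, $uid, $uid);
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt);
                $resultCheck = mysqli_num_rows($result);

                if ($resultCheck > 0) {
                    echo "<meta http-equiv='refresh' content='0;url=/../index.php?signup=notactivated'>";
                    exit();
                } else {
                    // Look the account up by user name or e-mail address.
                    $sql = "SELECT * FROM users WHERE user_uid = ? OR user_email = ?";
                    $stmt = mysqli_stmt_init($conn);
                    if (!mysqli_stmt_prepare($stmt, $sql)) {
                        echo 'SQL statement failed';
                    } else {
                        mysqli_stmt_bind_param($stmt, "ss", $uid, $uid);
                        mysqli_stmt_execute($stmt);
                        $result = mysqli_stmt_get_result($stmt);
                        $resultCheck = mysqli_num_rows($result);

                        if ($resultCheck < 1) {
                            echo "<meta http-equiv='refresh' content='0;url=/../index.php?login=notsignup'>";
                            exit();
                        } else {
                            if ($row = mysqli_fetch_assoc($result)) {
                                // Every follow-up query is keyed on the user name
                                // stored in the row, never on the submitted
                                // identifier, which may have been the e-mail address.
                                $account_uid = $row['user_uid'];

                                // password_verify() checks the submitted password
                                // against the stored hash.
                                $hashedPwdCheck = password_verify($pwd, $row['user_password']);
                                if ($hashedPwdCheck === false) {
                                    $login_attempts = (int) $row['login_attempts'];
                                    $login_attempts += 1;

                                    $sql2 = "UPDATE users
                        SET login_attempts = ?
                        WHERE user_uid = ?;

                       ";

                                    if (!mysqli_stmt_prepare($stmt, $sql2)) {
                                        echo 'SQL statement failed';
                                    } else {
                                        mysqli_stmt_bind_param($stmt, "is", $login_attempts, $account_uid);
                                        mysqli_stmt_execute($stmt);

                                        // The stored counter (before this attempt) has
                                        // reached the limit: deactivate the account.
                                        // >= rather than == so a counter that somehow
                                        // passed 5 still triggers the lock.
                                        if ((int) $row['login_attempts'] >= 5) {
                                            $login_attempts = 0;
                                            $user_activate = 0;
                                            // The reactivation token is a credential, so it
                                            // comes from the CSPRNG (PHP 7+); str_shuffle()
                                            // is not suitable for secrets. 5 random bytes
                                            // keep the original 10-character length; use
                                            // more bytes if the user_token column allows it.
                                            $token = bin2hex(random_bytes(5));

                                            $sql3 = "UPDATE users
                   SET user_activate = ?, user_token = ?, login_attempts = ?
                   WHERE user_uid = ?;

                  ";

                                            if (!mysqli_stmt_prepare($stmt, $sql3)) {
                                                echo 'SQL statement failed';
                                            } else {
                                                mysqli_stmt_bind_param($stmt, "isis", $user_activate, $token, $login_attempts, $account_uid);
                                                mysqli_stmt_execute($stmt);

                                                $company = "pianocourse101@hotmail.com";
                                                $subject = "Account temporary deactivated due to fail login attempts";
                                                $mailTo = $row['user_email'];
                                                $headers = "From: ".$company;
                                                // Plain-text mail: the query-string values are
                                                // URL-encoded (HTML escaping is the wrong
                                                // context and leaves characters such as '+'
                                                // or '#' in the address to break the link).
                                                $txt = "Dear ".$row['user_first']." ".$row['user_last'].", \n\nYour account has been temporary deactivated because either you or someone claiming to be you has failed to log into your account on more than 5 occasions! \n\n You can use the following information to reactivate your account: \n\n Your new token: ".$token."\n\nYou can either copy and paste the token into the relevant section or click on the following link: http://localhost/loginsystem/includes/activate.php?email=".rawurlencode($row['user_email'])."&activatetoken=".rawurlencode($token);

                                                mail($mailTo, $subject, $txt, $headers);
                                            }
                                        }

                                        echo "<meta http-equiv='refresh' content='0;url=/../index.php?login=passwordfailed'>";
                                        exit();
                                    }
                                } else {
                                    // Password verified: log the user in.

                                    // Issue a fresh session id at the privilege change so
                                    // an id that existed before login does not carry over
                                    // into the authenticated session (session fixation).
                                    if (session_status() === PHP_SESSION_ACTIVE) {
                                        session_regenerate_id(true);
                                    }

                                    $_SESSION['u_id'] = $row['user_id'];
                                    $_SESSION['u_first'] = $row['user_first'];
                                    $_SESSION['u_last'] = $row['user_last'];
                                    $_SESSION['u_email'] = $row['user_email'];
                                    $_SESSION['u_uid'] = $row['user_uid'];
                                    $_SESSION['u_permission'] = $row['admin'];
                                    $_SESSION['u_moderator'] = $row['moderator'];
                                    $_SESSION['u_session'] = $row['user_session'];
                                    $_SESSION['freelesson'] = $row['freelesson'];
                                    $_SESSION['datejoined'] = $row['datejoined'];
                                    $_SESSION['premium'] = $row['premium'];

                                    // Load the user's reward points and add the login bonus.
                                    $sql2 = "SELECT * FROM rewards WHERE user_uid = ?;";

                                    $stmt = mysqli_stmt_init($conn);
                                    if (!mysqli_stmt_prepare($stmt, $sql2)) {
                                        echo 'SQL statement failed';
                                    } else {
                                        mysqli_stmt_bind_param($stmt, "s", $account_uid);
                                        mysqli_stmt_execute($stmt);
                                        $result2 = mysqli_stmt_get_result($stmt);

                                        // The body ends in exit(), so at most the first
                                        // rewards row is processed. When the user has no
                                        // rewards row, no redirect is sent and the buffered
                                        // output is flushed at the end of the script.
                                        while ($row2 = mysqli_fetch_assoc($result2)) {
                                            $_SESSION['u_reward_points'] = $row2['reward_points'];

                                            $points = 100;
                                            $_SESSION['u_reward_points'] += $points;

                                            $sql = "UPDATE rewards
                      SET reward_points = ?
                      WHERE user_uid = ?;

                     ";

                                            $stmt = mysqli_stmt_init($conn);
                                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                                echo 'SQL statement failed';
                                            } else {
                                                mysqli_stmt_bind_param($stmt, "is", $_SESSION['u_reward_points'], $_SESSION['u_uid']);
                                                mysqli_stmt_execute($stmt);

                                                echo "<meta http-equiv='refresh' content='0;URL=/../header2.php?login=success' />" ;
                                                exit();
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}

ob_end_flush();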

enter image description here

nircraft

2 Answers


Make sure the CSS files are loaded properly if loaded from external files.

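Always debug your scripts with PHP error reporting enabled! Do this on your development setup only; on a live site, log errors instead of displaying them, because the messages can reveal file paths and query details.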

You can view the final output in the browser as source code (usually Ctrl+U), or you can debug with the developer tools (usually right-click the page and choose Inspect element, or press Ctrl+Shift+I). The Network tab might show you some errors, and so might the Console tab.

Both should help you to identify the problematic part of your coding.

ino
  • Do I need to put error reporting on that particular page that I am testing or just on the main index.php? –  Dec 01 '18 at 10:27
  • I was told to put all the php code at the top but when including the style sheet, must that html part go before the php code? –  Dec 01 '18 at 10:29
  • Those questions are very elementary. Do go through some tutorials how to write valid HTML page and how to generate some HTML with PHP... – ino Dec 01 '18 at 10:33
  • Is my form action correct or must I set an absolute path? –  Dec 01 '18 at 11:30
  • From my understanding, usually you would need php to be at the top and then follow my html but I am just wondering, if we are just going to link a style sheet, could we do this at the top? I don't think it will have much problem –  Dec 01 '18 at 15:36

It seems like your CSS files aren't loaded. You can check in your Network tab whether they were loaded.

Ido