0

Ok so what I am trying to do is create a php variable called "text", set it into a specific error message when program runs into a problem, and redirect the user to the login page and ask them to enter their credentials again with the error message printed in the button.

This is createpage.php which is page where it takes the user input. This page also prints the message.

<?php
include('create.php');
// Includes Login Script
?>
<head>
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script> 
$(function(){
    $("#header").load("header.html"); 
    $("#footer").load("footer.html"); 
});
</script> 
<title>Mases Krikorian Website</title>
<link rel="stylesheet" type="text/css" href="index.css">
<link rel="stylesheet" type="text/css" href="login.css">
<style>
h2{
    font-family: "Arial Black", Gadget, sans-serif;
}
td{
    padding-left: 5px;
    padding-right: 5px;
}
</style>
<div id="header"></div>
<div class="bgpic"></div>
</head>
<body>
<div class="container">
    <div id="content">
        <form method="POST" action="create.php">
            <h1>Registration Form</h1>
            <div>
                <input name="username" placeholder="Username" type="text" id="username">
            </div>
            <div>
                <input name="password" placeholder="Password" type="password" id="password">
            </div>
            <div>
                <input name="email" placeholder="Email" type="text" id="username">
            </div>
            <div>
                <div>
                    <span><?php echo $text; ?></span>
                </div>
                <a href="/login.php">Login</a>
                <input id="submit" type="submit" name="submit" value="Sign Up">

            </div>
        </form><!-- form -->
    </div>
</div>
</body>
<div id="footer"></div>
</html>

This is my create.php page which sets the "text" variable based on their input, and also makes connection with my mysql database. 

<?php
session_start();
define('DB_HOST', '<im putting my host here>');
define('DB_NAME', '<im putting my db name here>');
define('DB_USER','<im putting my username here>');
define('DB_PASSWORD','<im putting my password here>');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
$text= '';

function NewUser()
{
    $username= $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    if($data)
    {
        $text= "Account created.";
        header('Location: login.php');
        $text= "Account created.";
    }
}

function SignUp()
{
    if(!empty($_POST['username']))   //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
    {
        $query = mysql_query("SELECT * FROM members WHERE username = '$_POST[username]' AND password = '$_POST[password]'") or die(mysql_error());
        $q = mysql_query("SELECT * FROM members WHERE username = '$_POST[username]'");
        if(!$row = mysql_fetch_array($q))
        {
            newuser();
        }
        else
        {
            $text= "Account already exists under that username";
            header('Location: createpage.php');
            $text= "Account already exists under that username";
        }
    }
    else {
        $text= "Account already exists under that username";
        header('Location: createpage.php');
        $text= "Account already exists under that username";
    }
}

if(isset($_POST['submit']))
{
    SignUp();
}
?>

Note that the page does the redirecting from the "header" call properly but does NOT set the text. Also note that all connections with the database work properly. Thanks for any help.

Improve this question
4
  • You could add the the text as a query string like header("Location: createpage.php?error=".urlencode($text));' or persist with a session variable, or you do a query string with an error number that you can call from your other page. Commented Jun 9, 2016 at 5:03
  • 1
    WARNING: If you're just learning PHP, please, do not use the mysql_query interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like PDO is not hard to learn and a guide like PHP The Right Way explains best practices. Your user parameters are not properly escaped and there are SQL injection bugs that can be exploited. Commented Jun 9, 2016 at 5:13
  • 1
    WARNING: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. This has many dangerous SQL injection vulnerabilities since you didn’t properly escape values. This code allows anyone to get anything from your site. DO NOT write your own authentication system. Any development framework like Laravel comes with an authentication system built-in. Commented Jun 9, 2016 at 5:13
  • 1
    At the absolute least follow recommended security best practices and never store passwords as MD5 encrypted text as that's barely better than plain-text and is trivial for any password cracking tool to deal with. Commented Jun 9, 2016 at 5:14

2 Answers 2

Reset to default
1

You have to pass the error message with the header redirection itself and on the next page catch it via $_GET and print it . 

header("Location: createpage.php?msg=".urlencode($text));

On the createpage.php page where you want to print 

<?php echo urldecode($_GET['msg']);?>

Though it is not a good practice of sending texts via URL.

Use SESSION to save your variables across multiple pages . You can take a look of how to set variables using session over here .

http://php.net/manual/en/book.session.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Wow fancy...didnt even know you can use that function that way...thanks ill set it as the answer in a minute (cooldown)
1

Looks like you are pretty new to PHP. Ok, welcome.

First, a couple of comments. I suggest you start looking another way to connect to MySQL. The mysql extension is deprecated from PHP 5.5 and from this version is issuing an E_DEPRECATED warning.

I suggest you go see the PDO Database extension or the mysql iheritor MySQLi extension.

Then, about your specific question: How to keep the value of the $text variable? The best approach there would be to use sessions.

There's a superglobal in PHP named $_SESSION. Everything you store there is kept between sessions. You have to issue a session_start() call at the beginning of your login script to be able to catch the session info later.

So, go check some about PHP $_SESSION in the web and in the www.php.net website, and you'll be good to go.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.