3 Replies - 443 Views - Last Post: 28 November 2011 - 09:51 AM Rate Topic:

#1 Megakeemo

New D.I.C Head

Reputation: 0

Posts: 14
Joined: 16-November 08

Login Script not working, HELP!

Posted 27 November 2011 - 11:24 PM

I've tried everything and I just can't seem to see why this login script isn't working. The registration script works quite fine, but why not this. Honestly I've spent so much time on this I'm just downright frustrated because I'm really not seeing the error. Please help me with this.

Here's the code:


<?php
//Start session
session_start();
	
//Array to store validation errors
$errmsg_arr = array();
	
//Validation error flag
$errflag = false;


//connect to the database
$con = mysql_connect("localhost", "root");

if(!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("faculty_wars", $con);


//Input Validations
if($_POST['username'] == '') {
	$errmsg_arr[] = 'Username missing';
	$errflag = true;
}
if($_POST['password'] == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login.php");
}

//Create query
$sql="SELECT * FROM users WHERE username='$_POST[username]' && password='".md5($_POST['password'])."'";
$result=mysql_query($sql);


// Check username and password match
if (mysql_num_rows($result) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: home.php');
}
else {
// Jump to login page
header('Location: login-failed.php');
}

?>

Is This A Good Question/Topic? 0

Replies To: Login Script not working, HELP!

#2 hadi_php

D.I.C Regular

Reputation: 10

Posts: 382
Joined: 23-August 08

Re: Login Script not working, HELP!

Posted 28 November 2011 - 02:03 AM

<?php
//Start session
session_start();
	
//Array to store validation errors
$errmsg_arr = array();
	
//Validation error flag
$errflag = false;


//connect to the database
$con = mysql_connect("localhost", "root",""); // password field missing

if(!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("faculty_wars", $con);


//Input Validations
if($_POST['username'] == '') {
	$errmsg_arr[] = 'Username missing';
	$errflag = true;
}
if($_POST['password'] == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login.php");
}

//Create query
$sql="SELECT * FROM users WHERE username='".$_POST['username']."' && password='".md5($_POST['password'])."'"; // just little bit edit here but i strongly recommended to validate $_POST variable with mysql_real_escape_string like this - mysql_real_escape_string($_POST['username'])
$result=mysql_query($sql);


// Check username and password match
if (mysql_num_rows($result) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: home.php');
}
else {
// Jump to login page
header('Location: login-failed.php');
}

?>

hope this helps

see the two notes (//) one is MISSING PASSWORD Field and other is validation of $_POST variable

This post has been edited by hadi_php: 28 November 2011 - 02:05 AM

Was This Post Helpful? 0