3 Replies - 739 Views - Last Post: 28 November 2011 - 09:51 AM Rate Topic: -----

#1 Megakeemo  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 14
  • Joined: 16-November 08

Login Script not working, HELP!

Posted 27 November 2011 - 11:24 PM

I've tried everything and I just can't seem to see why this login script isn't working. The registration script works quite fine, but why not this. Honestly I've spent so much time on this I'm just downright frustrated because I'm really not seeing the error. Please help me with this.

Here's the code:


<?php
//Start session
session_start();
	
//Array to store validation errors
$errmsg_arr = array();
	
//Validation error flag
$errflag = false;


//connect to the database
$con = mysql_connect("localhost", "root");

if(!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("faculty_wars", $con);


//Input Validations
if($_POST['username'] == '') {
	$errmsg_arr[] = 'Username missing';
	$errflag = true;
}
if($_POST['password'] == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login.php");
}

//Create query
$sql="SELECT * FROM users WHERE username='$_POST[username]' && password='".md5($_POST['password'])."'";
$result=mysql_query($sql);


// Check username and password match
if (mysql_num_rows($result) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: home.php');
}
else {
// Jump to login page
header('Location: login-failed.php');
}

?>




Is This A Good Question/Topic? 0
  • +

Replies To: Login Script not working, HELP!

#2 hadi_php  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 10
  • View blog
  • Posts: 382
  • Joined: 23-August 08

Re: Login Script not working, HELP!

Posted 28 November 2011 - 02:03 AM

<?php
//Start session
session_start();
	
//Array to store validation errors
$errmsg_arr = array();
	
//Validation error flag
$errflag = false;


//connect to the database
$con = mysql_connect("localhost", "root",""); // password field missing

if(!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("faculty_wars", $con);


//Input Validations
if($_POST['username'] == '') {
	$errmsg_arr[] = 'Username missing';
	$errflag = true;
}
if($_POST['password'] == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login.php");
}

//Create query
$sql="SELECT * FROM users WHERE username='".$_POST['username']."' && password='".md5($_POST['password'])."'"; // just little bit edit here but i strongly recommended to validate $_POST variable with mysql_real_escape_string like this - mysql_real_escape_string($_POST['username'])
$result=mysql_query($sql);


// Check username and password match
if (mysql_num_rows($result) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: home.php');
}
else {
// Jump to login page
header('Location: login-failed.php');
}

?>


hope this helps

see the two notes (//) one is MISSING PASSWORD Field and other is validation of $_POST variable

This post has been edited by hadi_php: 28 November 2011 - 02:05 AM

Was This Post Helpful? 0
  • +
  • -

#3 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 947
  • View blog
  • Posts: 2,355
  • Joined: 15-February 11

Re: Login Script not working, HELP!

Posted 28 November 2011 - 06:09 AM

Also turn on error reporting so that you can see your own errors.
error_reporting(E_ALL);



Don't throw values directly from the user into your queries. Sanitize them first.
Was This Post Helpful? 0
  • +
  • -

#4 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10647
  • View blog
  • Posts: 39,540
  • Joined: 27-December 08

Re: Login Script not working, HELP!

Posted 28 November 2011 - 09:51 AM

Or use Prepared Statements like PDO or MySQLi, which are immune to SQL Injection attacks.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1