PHP Login System troubles

Correct or not, always returns incorrect.

Page 1 of 1

1 Replies - 865 Views - Last Post: 01 April 2010 - 05:20 PM Rate Topic: -----

#1 NubileDIYer   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 52
  • Joined: 11-August 09

PHP Login System troubles

Posted 01 April 2010 - 05:07 PM

Hi all, I have a basic PHP login form in index.php:

<form action="main.php" method="post" target="_self">
          <table>	
            <tr>
            	<td>Username</td><td><input name="userid" type="text" size="20" maxlength="20" /></td>
            </tr>
            <tr>
            	<td>Password</td><td><input name="password" type="password" size="20" maxlength="20" /></td>
            </tr>
          </table>
          <input name="login" type="submit" value="Login" onclick="return checkForm();" />
          <input type="hidden" name="content" value="login">
          
            
            </form>



And all necessary PHP validation in main.php:
<?php

// Have they entered a Username?

if(empty($_POST['userid']))
{
die("Please enter your correct username.");
}
// Have they entered a Password?

if(empty($_POST['password']))
{
die("Please enter your correct password.");
}
// Connect to DB
$con = mysql_connect("xxxxx", "xxxxx", "xxxxx") or die('Could not connect to server');
// Select proper DB
mysql_select_db("userinfo", $con) or die('Could not connect to database');


$userid = mysql_real_escape_string($_SESSION['userid']);
$password = mysql_real_escape_string($_SESSION['password']);

      $query = "select userid from table where userid='$userid' and password='$password'";
      $result = mysql_query($query);
	  
if(mysql_num_rows($result) == 1) 
//echo valid user
	  {   
	  echo "Welcome!\n";
      } 
	  else
//echo invalid user
	  {
	  echo "Sorry, your user account was not validated.<br \>\n";
      echo "<a href=\"index.php\">Try again</a><br>\n";
      }
   
?>

Now the first check works, will not work if there is no username or password entered. I have tried my hardest to get the rest of the code to work, which, from my basic understanding of PHP/MySQL, should check the users table in the userinfo db and login only if there is only 1 row (record) of any given username. However, no matter what I type in, junk or correct login info, I get the "Sorry, your user account was not validated" echo statement. I changed some things around, and it was even worse: would login no matter what was typed into the inputs!

Any suggestions or help will be greatly appreciated!
n00b

Is This A Good Question/Topic? 0
  • +

Replies To: PHP Login System troubles

#2 macosxnerd101   User is offline

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12390
  • View blog
  • Posts: 45,519
  • Joined: 27-December 08

Re: PHP Login System troubles

Posted 01 April 2010 - 05:20 PM

Here, you are referencing the Session variables userid and password, when you want to be referencing the Post variables for userid and password. From what I've seen in your code, you don't set these Session variables. Also, you cannot store Session variables until you start your session; and it is usually bad practice to start a session before you have validated the user.
$userid = mysql_real_escape_string($_SESSION['userid']); 
$password = mysql_real_escape_string($_SESSION['password']); 


Was This Post Helpful? 0
  • +
  • -

Page 1 of 1