3joez

Ok, I was messing mysqli parameters. But now it enters even with wrong credentials. <?php session_start(); function loginform(){ echo "<form action='Target.php' method='POST'> /* I'm not sure I have to reach target.php from here */ Username: <input type = 'text' name='username'> Password: <input type = 'text' name='password'> <input type = 'submit' name='login' value='Login'> </form> "; } function logoutform(){ echo "<form action='' method='POST'> <input type = 'submit' name='logout' value='Logout'> </form> "; } function login($username, $password){ $con= new mysqli("db_server.com", 'User', 'plain text password', 'whateverdb'); if ($con->connect_errno) { die($con->connect_error); } $pass = md5($password); $query = "SELECT * FROM user WHERE username='$username' AND password='$pass' "; if($result = $mysqli->query($query)) { if ($result->num_rows > 0) { print "<pre>got the following result:\n\n"; while ($row = $result->fetch_assoc()) { print_r ($row); } } else { print "no rows were returned"; } } else { die ($con->error); } } function logout(){ session_destroy(); } if (isset($_SESSION['login'])) { echo "You've logged login"; logoutform(); } else{ echo "Wrong credentials"; loginform(); } if ($_POST['login']) { login($_POST['username'], $_POST['password']); } elseif($_POST['logout']){ echo "you are logging out"; logout(); } ?>

Wow, after rewriting the login function as Hitman said I've got this never seen error: Access denied for user 'user'@'somenumbersandletters.it' (using password: YES)

Reading that, I'm changing a lot, to this(but same result): function login($username, $password){ $pass = md5($password); $con= new mysqli(whateverwebsite.com, 'User', 'hashedmd5password', 'whateverdb'); $result = $mysqli->query(" SELECT * FROM user WHERE username='$username' AND password='$pass' ") or die (mysqli_connect_error()); if($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { echo $row['test']. "/n"; } } Still navigatin in the dark but I can't see some little lights. After this function is done properly(where are the errors?), shall I call a redirect? Meanwhile let me say thanks for helping me.

Ok, I'm missing the point I must admit, because of my lack of experience but this code $con= new mysqli(whateverwebsite.com, 'Nameofthetable', 'hashedmd5password') or die (mysql_error()); mysql_select_db('whateverdb', $con) or die (mysql_error()); $result = $con->mysql_query(" SELECT * FROM user WHERE username='$username' AND password='$pass' ") or die (mysql_error); if($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { echo $row['test']. "/n"; } } behaves exactly as before. It hangs in the login page whitout jumping to target.php. There are so many things I could have done wrong, but I just want the page to redirect to another page. I'm applying every single tip and adding also variations. I just still can't understand what am I doing wrong.

Same thing as before. Does not redirect.

Social, you're saying to change this line $con= mysqli(whateverwebsite.com, 'Nameofthetable', 'hashedmd5password') or die (mysql_error()); with this? $con= mysql(whateverwebsite.com, 'Nameofthetable', 'hashedmd5password') or die (mysql_error()); if yes, that doesn't work. @hitman when print "\nThe user was found"; prints nothing, could that mean that the problem is in the db connection? It's strange anyway, because if I manually load the target.php in the url it works.

print "<pre>The contents of session are:\n" . print_r($_SESSION, 1); This line return The contents of session are: Array ( ) and I don't know if it's ok. ----------------------------------------------------- this print "\n At function login with username $username"; returns the name of the username, and it's ok. ----------------------------------------------- this print "\nThe user was found"; returns nothing and again I don't know if that is ok.

Hitman, same problem as before.

Please, help. I'm new to php but I've tried so many times to make it work. I've wrote a script that reads user and password data correctly, to log into a reserved webpage. The problem is that when you press the login button, it doesn't redirect to the target.php (reserved) page. The form is in a file called login.php. It reads and connect to the db, but stays on this login page. As a matter of fact, if I manually type in the url mywebsite/target.php after putting the credentials, it works. But I need an automatic redirect from login.php page and if credentials are correct, redirect to target.php. <?php session_start(); function loginform(){ echo "<form action='' method='POST'> Username: <input type = 'text' name='username'> Password: <input type = 'text' name='password'> <input type = 'submit' name='login' value='Login'> </form> "; } function logoutform(){ echo "<form action='' method='POST'> <input type = 'submit' name='logout' value='Logout'> </form> "; } function login($username, $password){ $pass = md5($password); $con= mysqli(whateverwebsite.com, 'Nameofthetable', 'hashedmd5password') or die (mysql_error()); mysql_select_db('whateverdb', $con) or die (mysql_error()); $result = mysql_query(" SELECT * FROM user WHERE username='$username' AND password='$pass' ") or die (mysql_error); $count= mysql_num_rows($result); if($count==1) { $_SESSION['login']=$username; header('Location:Aggiornamenti/Aggiornamenti.php'); /*this doesn't actually work*/ } else { header('Location:index.php'); /*this doesn't actually work*/ echo "Wrong login"; } } function logout(){ session_destroy(); } if (isset($_SESSION['login'])) { /*this function seems to be ignored*/ echo "Success"; logoutform(); } else{ echo "Log in with username and password."; loginform(); } if ($_POST['login']) { login($_POST['username'], $_POST['password']); } elseif($_POST['logout']){ echo "you are logging out"; logout(); } ?> also, Before the html of the target.php page, there is this <?php session_start(); echo "Reserved area<br>"; if (!isset($_SESSION['login'])) { exit("you must login <a href='../login.php'>Login<a>"); } else { echo "Do the <a href='../login.php'>Logout</a>"; } ?>