PHP Log-In Script Help - Information is correct but not working

[rotc_rachel]

Hello All,

 

    I ran into another issue and am looking for some help!  I am currently messing around with the tutorial and files from this link;

 

http://phpsense.com/php/php-login-script.html?commented=0#txpCommentInputForm

 

My database connections are correct and I receive no errors.  But, when I try and log in with a u/n and p/w that I know are correct, it automatically directs me to the log-in failed file.  I can't seem to figure out why and am thinking it may have something to do with the password encryption or a PHP setting I need to set.  Any ideas?

 

Thanks for any help,

-Rachel

[greatstar00]

can u show your code?

 

[rotc_rachel]

Well, for a little update, I tried running the files provided in the ZIP file from the site, and was able to log in successfully.  But after just basically copying and pasting the code that worked to my pages, I attempt to log-in, and if it is correct it doesn't execute to the test.php page, instead it just refreshes to the log-in page (index.php) with blank input fields. 

 

index.php (contains the log-in form information):

<p><table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

 

<tr>

<form id="loginForm" name="loginForm" method="post" action="login-exec.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

                <td width="294"><input name="login" type="text" class="textfield" id="login" /></td>

                </tr>

                <tr>

                <td>Password</td>

                <td>:</td>

                <td><input name="password" type="password" class="textfield" id="password" /></td>

                </tr>

                <tr>

                <td> </td>

                <td> </td>

                <td><input type="submit" name="Submit" value="Login"></td>

                </tr>

                </table>

                </td>

                </form>

                </tr>

                </table>

               

 

login-exec.php: Incorrect log-in successfully directs me to a 'log-in fail' page, but correct log-in just refreshes the page I'm already on?

 

 

<?php

//Start session

session_start();

 

//Include database connection details

require_once('config.php');

 

//Array to store validation errors

$errmsg_arr = array();

 

//Validation error flag

$errflag = false;

 

//Connect to mysql server

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

 

//Select database

$db = mysql_select_db(DB_DATABASE);

if(!$db) {

die("Unable to select database");

}

 

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

 

//Sanitize the POST values

$login = clean($_POST['login']);

$password = clean($_POST['password']);

 

//Input Validations

if($login == '') {

$errmsg_arr[] = 'Login ID missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;

}

 

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: index.php");

exit();

}

 

//Create query

$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";

$result=mysql_query($qry);

 

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) == 1) {

//Login Successful

session_regenerate_id();

$member = mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];

$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];

$_SESSION['SESS_LAST_NAME'] = $member['lastname'];

session_write_close();

header("location: test.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}

?>

 

 

[PFMaBiSmAd]

What's the code in test.php? From your description of what the posted code is doing, it is likely that it is redirecting to test.php but then test.php is redirecting to the login form page.