Jump to content

login.php not validating registered user

travelkind

By travelkind
in PHP Coding Help

 Share

Recommended Posts

travelkind Member

travelkind

Posted
Posted

When trying to login through my login.php form I am being redirected to "Internet Explorer cannot display the webpage" message.  The login.php is supposed to look at my database to see if the user exists and if they do forward them back to the index.php page.  I have tried typing in bogus user names and passwords and it is supposed return "Incorrect login, please try again!".  I don't have any syntax errors as I have run it through a syntax check.  Can anyone give me some direction on what to try?  I have copied the code below (sorry if seems long).  Thanks for your help.

 

 

<?php

 

session_start();

 

require("config.php");

 

//Connect To Database

$hostname='XXX';

$username='XXX';

$password='XXX';

$dbname='XXX';

 

mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');

mysql_select_db($dbname);

 

 

if($_POST['submit']) {

 

$sql = "SELECT * FROM logins WHERE username = '" . $_POST['username'] .

    "' AND password = '" . $_POST['password'] . "';";

 

$result = mysql_query($sql);

$numrows = mysql_num_rows($result);

 

if($numrows == 1) {

  $row = mysql_fetch_assoc($result);

  session_register("USERNAME");

  session_register("USERID");

 

$_SESSION['USERNAME'] = $row['username'];

$_SESSION['USERID'] = $row['id'];

 

header("Location: " . $config_basedir);

}

else {

header("Location: " . $config_basedir . "/login.php?error=1");

}

}

else {

 

  require("header.php");

 

  if($_GET['error']) {

    echo "Incorrect login, please try again!";

}

?>

 

<form action="<?php echo $SCRIPT_NAME ?>" method="post">

 

<table>

<tr>

  <td>Username</td>

  <td><input type="text" name="username"></td>

</tr>

<tr>

  <td>Password</td>

  <td><input type="password" name="password"></td>

</tr>

<tr>

  <td></td>

  <td><input type="submit" name="submit" value="Login!"></td>

</tr>

</table>

</form>

 

<?php

}

require("footer.php");

?>

Link to comment
https://forums.phpfreaks.com/topic/203159-loginphp-not-validating-registered-user/
Share on other sites
snailguy Newbie

snailguy

Posted
Posted

You might try adding:

 

$result = mysql_query($sql) OR DIE("Your query failed: " .mysql_errno() . "    "  . mysql_error());

 

This way, if there is a problem with your query, you should see an error message that could help troubleshoot the problem.

Also, have you tried the query directly on the DB, like through phpmyadmin?

 

Also, try modifying your query to:

 

$sql = "SELECT * FROM logins WHERE username = '$_POST['username']'
AND password = '$_POST['password']'";

 

Alternatively, you might try:

 

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM logins WHERE username = '$username'
      AND password = '$password'";

 

 

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

$SCRIPT_NAME was depreciated some time in the year 2002 and is probably the reason for your browser error (do a 'view source' to see what the HTML of your form does look like.) To cause a form to submit to the same page you should just use an empty string in the action="" attribute.

 

Also, remove the two  session_register() statements. They were also depreciated in 2002 and your two $_SESSION[] = ... statements accomplish what you need your script to do.

travelkind Member

travelkind

Posted
  • Author
Posted

Okay I made the changes to the sql statement and got rid of the $script_name but I am still getting the "page can't be displayed" message.  Here is a snipet of my code with the changes:  Any other ideas?

 

if($_POST['submit']) {

 

$username = $_POST['username'];

$password = $_POST['password'];

$sql = "SELECT * FROM logins WHERE username = '$username'

      AND password = '$password'";

 

$result = mysql_query($sql) OR DIE("Your query failed: " .mysql_errno() . "    "  . mysql_error());

$result = mysql_query($sql);

$numrows = mysql_num_rows($result);

 

if($numrows == 1) {

  $row = mysql_fetch_assoc($result);

 

$_SESSION['USERNAME'] = $row['username'];

$_SESSION['USERID'] = $row['id'];

 

header("Location: " . $config_basedir);

}

else {

header("Location: " . $config_basedir . "/login.php?error=1");

}

}

else {

 

  require("header.php");

 

  if($_GET['error']) {

    echo "Incorrect login, please try again!";

}

?>

 

<form action="" method="post">

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.