
Strange login problem - Help!


melting_dog


Hi all.

I'm probably missing something here so forgive me if this is a noob question. I have created a login page for a site I am building at home with xampp. For the last week it's been fine but just today when I try to use the login it redirects me to main.php - there's no such page in my folder structure.

My login looks something like this:

Login page:

<form name="form1" method="post" action="loginProcess.php">
    <input name="name" type="text" value="Name" size="40" maxlength="100" />
    <input name="password" type="password" value="password" size="40" maxlength="100" />
    <label><input type="submit" name="Submit" id="Submit" value="Submit" /></label>
</form>

loginProcess page (which doesn't actually get reached):

$name=$_POST['name'];
$password=$_POST['password'];

$name = stripslashes($name);
$password = stripslashes($password);
$name = mysql_real_escape_string($name);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE firstName='$name' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
    session_register("name");
    session_register("password");
    header("location:loginSuccess.php");
}
else {
    $wrong = '<h3 style = "text-align: center;">Sorry! Wrong Username or Password</h3>';
}
ob_end_flush();
?>

Oddly enough, when I put in an incorrect name or password it does redirect to the right page. - Just weird

Anyone know why this is happening?

Link to comment
Share on other sites

Try changing this-->

$sql="SELECT * FROM $tbl_name WHERE firstName='$name' and password='$password'";

into this-->

$sql="SELECT * FROM $tbl_name WHERE firstName='$name' AND password='$password'";

and this-->

if($count==1){
    session_register("name");
    session_register("password");
    header("location:loginSuccess.php");
}

into this-->

if(!empty($count)){
    session_start();
    $_SESSION['name']=$name;
    $_SESSION['password']=$password;
    header("location:loginSuccess.php");
}

Let's see if it works

 

Link to comment
Share on other sites

Firstly, if you're going to use any $_SESSION data, you need to have session_start(); at the beginning of the script. Also, session_register() is deprecated and should be changed to use the correct syntax (see below). And I can't think of any good reason to store a password in a $_SESSION var. Lastly, after a header() redirect, you should always follow it with exit(); to prevent the script from executing any further.

$_SESSION['name'] = $name;

Link to comment
Share on other sites

and this-->

if($count==1){
    session_register("name");
    session_register("password");
    header("location:loginSuccess.php");
}

into this-->

if(!empty($count)){
    session_start();
    $_SESSION['name']=$name;
    $_SESSION['password']=$password;
    header("location:loginSuccess.php");
}

 

I disagree. I think the query result should be verified to match one, and only one, record.

Link to comment
Share on other sites

Firstly, if you're going to use any $_SESSION data, you need to have session_start(); at the beginning of the script. Also, session_register() is deprecated and should be changed to use the correct syntax (see below). And I can't think of any good reason to store a password in a $_SESSION var. Lastly, after a header() redirect, you should always follow it with exit(); to prevent the script from executing any further.

$_SESSION['name'] = $name;

Thanks Robert and Pikachu. I have updated the session_register to $_SESSION.

It seems as if the session_start was the problem: I had it on a third page that redirected from loginProcess.php but have changed it to where Robert suggested.

So all's fine now but I might have to do some more testing...

 

Cheers

Link to comment
Share on other sites

They aren't the same, really. The expected result is exactly one record, not a record set of one or more records. Anything other than one record can indicate a data problem. Why not check for it since the query is being run anyhow, and trigger_error() and/or die() if it fails?

Link to comment
Share on other sites
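
The advice from the replies above combined in one handler, as an added example that is not code from any poster: session_start() first, only the name in $_SESSION, exit after the redirect, and a check that the lookup matches at most one record. It goes beyond the thread by using PDO prepared statements and password_hash()/password_verify(), since the mysql_* functions in the original post were removed in PHP 7. The `users` table, `password_hash` column, `login.php` failure target and SQLite sample row are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. The `users` table, `password_hash` column, login.php target and
// the in-memory SQLite row are constructed assumptions, not the poster's schema.

// Returns the user row, or null. More than one row is reported as a data problem.
function findUser(PDO $db, string $name, string $password): ?array
{
    $stmt = $db->prepare('SELECT firstName, password_hash FROM users WHERE firstName = ?');
    $stmt->execute([$name]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) > 1) {
        trigger_error('More than one record matches this login name', E_USER_WARNING);
        return null;
    }
    if (count($rows) === 0 || !password_verify($password, $rows[0]['password_hash'])) {
        return null;
    }
    return $rows[0];
}

// Sets the session on success and returns the page to redirect to.
function handleLogin(PDO $db, array $post): string
{
    $user = findUser($db, (string)($post['name'] ?? ''), (string)($post['password'] ?? ''));
    if ($user === null) {
        return 'login.php?error=1';
    }
    session_regenerate_id(true);             // fresh session id after authentication
    $_SESSION['name'] = $user['firstName'];  // identity only, never the password
    return 'loginSuccess.php';
}

// Constructed demo data so the script runs offline (php login_demo.php).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (firstName TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();  // first, before any output or $_SESSION access
$target = handleLogin($db, $_POST ?: ['name' => 'alice', 'password' => 'correct horse']);
if (PHP_SAPI === 'cli') {
    echo "would redirect to: $target\n";
} else {
    header("Location: $target");
    exit;  // stop the script once the redirect is sent
}
```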
