mikelsanderss Posted July 31, 2011 Share Posted July 31, 2011 Hello, I am setting up a login form for an administrator section of my website. The code seems to work, but for some reason when i try to log in, the form will not accept the user and pass that i set up inside mysql database. any suggestions would be amazing. heres the code... <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/243362-php-log-in-form-will-not-accept-user-and-pass-set-up-in-mysql-database/ Share on other sites More sharing options...
mikelsanderss Posted July 31, 2011 Author Share Posted July 31, 2011 to see exactly what i am talking about go to http://www.future6.com/onlineShop/storeadmin/admin_login.php here is a username and password ive setup inside mysql database. user- steve.todd password- todd Quote Link to comment https://forums.phpfreaks.com/topic/243362-php-log-in-form-will-not-accept-user-and-pass-set-up-in-mysql-database/#findComment-1249734 Share on other sites More sharing options...
pranshu82202 Posted July 31, 2011 Share Posted July 31, 2011 Replace your first four lines : <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> With : <?php session_start(); if (!isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> And i think that you have keep the html login page code and php script in the same page, so u need to put your whole php code in the following if statement : if (isset($submit)){ //whole php code } Hope it helped.. Happy Coding Quote Link to comment https://forums.phpfreaks.com/topic/243362-php-log-in-form-will-not-accept-user-and-pass-set-up-in-mysql-database/#findComment-1249735 Share on other sites More sharing options...
pranshu82202 Posted July 31, 2011 Share Posted July 31, 2011 Try my working code : $username = $_POST['admin_name']; $userpass = $_POST['admin_pass']; $username = stripslashes($username); $userpass = stripslashes($userpass); $username = mysql_real_escape_string($username); // SQL injection HEALED $userpass = mysql_real_escape_string($userpass); // SQL injection HEALED $sql = "select * from admin where username='$username' and password='$userpass'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_start(); // register session for as many variables as you want session_register("admin_name"); session_register("admin_pass"); header("location:members.php"); } else { include "adminlogin.php"; echo "<br>"; echo '<center>'."Wrong Username or Password".'</center>'; } ANd keep HTML and PHP code on separate files. Quote Link to comment https://forums.phpfreaks.com/topic/243362-php-log-in-form-will-not-accept-user-and-pass-set-up-in-mysql-database/#findComment-1249739 Share on other sites More sharing options...
PFMaBiSmAd Posted July 31, 2011 Share Posted July 31, 2011 @mikelsanderss, is your password field in the table the md5 of the actual password? You are going to need to troubleshoot what your code, query, and data are doing in order to find out why it is not matching the information stored in the table. Start by forming your sql query statement in a php variable and echoing that variable so that you can see exactly what the query is. Then execute that query directly against your database using your favorite database management tool (phpmyadmin or similar) to see if it matches any rows and then check directly in your database table if there is a row that exactly matches the values in the query. Quote Link to comment https://forums.phpfreaks.com/topic/243362-php-log-in-form-will-not-accept-user-and-pass-set-up-in-mysql-database/#findComment-1249832 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.