PHP beginner - help appreciated

[Finker92]

Hi all, I hope I am in the right place. I'm new to php/mysql so please be patient with me. I am trying to create a login script to validate username and password against a database I have created. I am not getting an error message but even when I enter correct username/password details from the database to test the code I am getting the message at the bottom of the script. I can't figure out why as I thought I had all bases covered, but obviously not. Here is my code. Thanks for any help in advance.

P.S. I have checked the names against my form and they are correct.

 

<html>

<html lang="en">

<head>

<meta charset="utf-8" />

<title>USER LOGIN</title>

</head>

<body>

<?php

if(empty($_POST['name'])){

$name=NULL;

echo "Sorry, you forgot to enter your username.</br>";

}else{

$name=$_POST['name'];

}

if(empty($_POST['password'])){

$password=NULL;

echo "Sorry, you forgot to enter a password.</br>";

}else{

$password=$_POST['password'];

}

$connection = @mysqli_connect('localhost','root','','BLOG_PROJECT')

OR die("Could not connect to server");

 

$username = stripslashes($name);

$password = stripslashes($password);

$username = mysql_real_escape_string($name);

$password = mysql_real_escape_string($password);

 

$info = "SELECT 'username', 'password' FROM USERS WHERE 'username'='$username' and 'password'='$password'";

$return=@mysql_query($info);

$rows=@mysql_num_rows($return);

 

if($rows==1){

session_register("username");

session_register("password");

header("location:admin.php");

echo "Hi $username. You are now logged in.";

}else{

echo "You have entered incorrect details. Please check your login details and try again.";

}

?>

</body>

</html>

[Pikachu2000]

Whatever tutorial you're using, stop. That code is about 9 years out of date. Also, when posting code, enclose it within the forum's

 . . . 

BBCode tags.

[Finker92]

Oh! OK, apologies for wrong forum etiquette. Erm, that's not great news. Is all of the code dated or is it specific parts. I created most of it using Larry Ullman's book which I thought was fairly up to date, so confused as to what parts are old. Did use an online tut for latter parts though. Any suggestions/hints welcome.

[Pikachu2000]

If that's from one of Larry's books, it must be an old one; he's usually somewhat ahead of the curve. Sometimes a bit hard to follow, but on top of things, nonetheless.

 

Anyhow, stripslashes shouldn't be used without checking to see if magic_quotes_gpc() is On (which it should not be anyhow), passwords should be hashed, session_register() has been deprecated for years, and the error suppression @ operator really shouldn't be used except in very limited instances.

[PFMaBiSmAd]

The code is also mixing a mysqli connection with mysql functions, which won't work. You must use all the same family of database functions.

[Finker92]

Ok, thanks for the tips. Seems this pretty much needs a rewrite so it's back to the drawing board I suppose. Thanks.