Jump to content

Login not quite working.


INeedAGig

Recommended Posts

Hey there guys, I have been trying to resolve this myself the past hour or so and I can't seem to figure it out. I am in the middle of programming a contacts database, with a login system. Now, the register.php file I created to create users for the database works, but the following code is from my login.php file.

 

When I am on the page in my browser and I type in a registered username and password combination it simply just reloads the login.php file, with blank form fields, as if you had just loaded the page. I am not quite sure what is causing this.

 

Here is the code from my login.php file:

 

<?php
//Database Information
$dbhost = "removed_for_this_post"; //Host Name
$dbname = "removed_for_this_post"; //Database Name
$dbuser = "removed_for_this_post"; //Database Username
$dbpass = "removed_for_this_post"; //Database Password

//Connect To Database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();

$username = $_POST['username'];
$password = md5($_POST['password']);

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
include "login.html";
} else {
$_SESSION['username'] = "$username";
include "main_interface.php";
}

?>

 

Thanks for your help in advance!! :)

Link to comment
Share on other sites

HTML for the form:

 

<form id="login" name="login" method="post" action="login.php">
<p><img src="images/locked.png" height="20" width="20"> Restricted Access - Authentication Required</p>
<label>Username <img src="images/username.png" height="20" width="20">
<span class="small"><i>Enter a valid username</i></span>
</label>
<input type="text" name="username" id="username">
<label>Password <img src="images/password.png" height="20" width="20">
<span class="small"><i>Password is case sensitive</i></span>
</label>
<input type="password" name="password" id="password">
<button type="submit">Login</button>
<div class="spacer"></div>
</form>

Link to comment
Share on other sites

Hmm well first of all take the quotes away from

 

} else {

$_SESSION['username'] = "$username";

include "main_interface.php";

 

to

 

} else {

$_SESSION['username'] = $username;

include "main_interface.php";

 

does it give any error?

Link to comment
Share on other sites

Your code works for me.

 

Are you sure your query is not failing with an error of some kind? You don't have any error checking logic in your code to test if the query worked without any errors. Is $result a boolean false (query failed due to an error) or a result resource?

 

Are you sure your query statement exactly matches one row in your database? If you have zero, more than one, or even a password field that is not long enough to hold a md5 value, your query won't match exactly one row and the code will redisplay the form. I would echo out the $query variable and check if you have a row in your database table with the exact same username and md5 password values in it.

Link to comment
Share on other sites

Hmm well first of all take the quotes away from

 

} else {

$_SESSION['username'] = "$username";

include "main_interface.php";

 

to

 

} else {

$_SESSION['username'] = $username;

include "main_interface.php";

 

does it give any error?

 

 

Double quoting string variables will not affect the behaviour of a script, although I agree they should have been removed.

 

 

As for the problem, in my experience this problem arises from the use of <button>, try using <input type="submit" > and styling with CSS; or <input type="image" >, although this can cause problems with $_POST['input_name'] where you need to check for $_POST['input_name']['X'] or $_POST['input_name']['Y']

// also, why set a $error variable then include a .html page, surely include a page where you can output the $error variable (.php), and use mysql_real_escape_string on username (this is not necessary for password as you md5 hash it, although you should use a salt with your hash. As PFMaBiSmAd said, is your password field a varchar (at least) 32 (length)

Link to comment
Share on other sites

Now, upon successful login, the page that is loaded, being 'main_interface.php'. This file BEGINS with the session control, that code being:

 

<?php
session_start();
if (!isset($_SESSION['username']) || (trim($_SESSION['username'])=='')) 
{
header("location: login.html");
exit();
}

Link to comment
Share on other sites

If you were to comment out that header in the session check area, are you on main_interface.php when logging in with correct credentials?

 

Trims should be done on posted contents before session is set.

$username = trim($_POST['username']);
$password = md5(trim($_POST['password']));

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.