Jump to content

Problem with login script


PHPRegister

Recommended Posts

I have a problem with a login script I have. Here is the full code:

<?php

ob_start();
$host=
$username=
$password= 
$db_name= 
$tbl_name=


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 


// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

When I run the file, it tells me Wrong password message. What have I done wrong?

Link to comment
https://forums.phpfreaks.com/topic/265668-problem-with-login-script/
Share on other sites

Are these variables empty on the script ?

they should be for one and removing code injection so only number letters used

 

 $username = ''; or 
$username = $_POST['myusername'];    
[code]

[code] $host=
$username =
$password= 
$db_name= 
$tbl_name=

 

These vars are empty and they do not have a code end ;

Is there a form that you post from maybe that is not correct?

That code is obviously cut and pasted from phpeasystep.com, and it uses functions that are about 10 years out of date. You would really be better off finding another learning resource; pretty much everything on that site is antiquated.

So you didn't get an error message?

 

I thought mysqli_query() expects 2 parameters, you have one

 

Try

 

$result=mysql_query($dbc, $sql) or die("Error: ".mysqli_error($dbc));

 

where $dbc =  mysql_connect("$host", "$username", "$password")or die("cannot connect");

it is an old code ..try this

<code>

<?php

 

$host="localhost"; // Host name

$username=""; // Mysql username

$password=""; // Mysql password

$db_name="test"; // Database name

$tbl_name="userinfo"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// username and password sent from form

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

 

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($count==1){

 

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword");

header("location:login_success.php");

}

else {

echo "Wrong Username or Password";

}

?>

</code>

this worKs for me u need to eddit tbl_name in yours AND MAKE sure u have a  member

 

im worKing on a registration script now u can eddit it to this one when its finisched u need 1 member !!

 

<?php

$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="userinfo"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

u need login succes.php its liKe this

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>
</table>

 

 

and of coure the first 1

(eddit checKlogin in the name of the file in last post!

<table width="300" border="0" align="right" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checKlogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.