daruga Posted November 3, 2013 Share Posted November 3, 2013 needhelp fix my login page.. Quote Link to comment Share on other sites More sharing options...
daruga Posted November 3, 2013 Author Share Posted November 3, 2013 (edited) my problem....our login page not working...need help forum how to fix it and i neeed some advice on php..3 main page 1)index.php 2/login.php 3)logout.php the main problem is i dont know if my website connect with database phpmyadmin or not....it only give inccorect password/username Edited November 3, 2013 by daruga Quote Link to comment Share on other sites More sharing options...
daruga Posted November 3, 2013 Author Share Posted November 3, 2013 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script type="text/javascript" src="jquery.js"></script> <link rel="stylesheet" href="styles.css" type="text/css" /> <title>Login Form</title> <script type="text/javascript"> $(document).ready(function(){ $("#login").click(function(){ username=$("#user_name").val(); password=$("#password").val(); $.ajax({ type: "POST", url: "login.php", data: "username="+username+"&password="+password, success: function(html){ if(html=='true') { $("#login_form").fadeOut("normal"); $("#shadow").fadeOut(); $("#profile").html("<a href='logout.php' class='red' id='logout'>Logout</a>"); // You can redirect to other page here.... } else { $("#add_err").html("Wrong username or password"); } }, beforeSend:function() { $("#add_err").html("Loading...") } }); return false; }); }); </script> </head> <body> <?php session_start(); ?> <div id="profile"> <?php if(isset($_SESSION['username'])){ ?> <a href='logout.php'>Logout</a> <?php } ?> </div> </body> <?php if(empty($_SESSION['username'])){?> <div class="container" id="login_form"> <section id="content"> <form action="login.php"> <h1>Login Form</h1> <div> <input type="text" placeholder="Username" required="" id="user_id" name="username"/> </div> <div> <input type="password" placeholder="Password" required="" id="password" name="password"/> </div> <div class="err" id="add_err"></div> <div> <input type="submit" value="Log in" id="login" /> <a href="#">Lost your password?</a> <a href="#">Register</a> </div> </form><!-- form --> <div class="button"> </div><!-- button --> </section><!-- content --> </div> <?php }?> <!-- container --> </html> index.php Quote Link to comment Share on other sites More sharing options...
daruga Posted November 3, 2013 Author Share Posted November 3, 2013 <?php session_start(); $username = $_POST['username']; $password = md5($_POST['password']); $connect_error = 'sorry we have downtime problem '; $connect1_error = 'database connection error '; mysql_connect('localhost','root','password')or die($connect_error); mysql_select_db('mkjb')or die($connect1_error); $con = mysql_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password) or die("Could not connect database"); mysql_select_db($mysql_db_database, $con) or die("Could not select database"); $query = "SELECT * FROM registered_users WHERE name='$username' AND password='$password'"; $result = mysql_query($query)or die(mysql_error()); $num_row = mysql_num_rows($result); $row=mysql_fetch_array($result); if( $num_row >=1 ) { echo 'true'; $_SESSION['user_name']=$row['name']; } else{ echo 'false'; } ?> login.php Quote Link to comment Share on other sites More sharing options...
daruga Posted November 3, 2013 Author Share Posted November 3, 2013 (edited) <?php session_start(); unset($_SESSION['user_name']); header('Location: index.php'); ?> this my logout.php Edited November 3, 2013 by daruga Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 (edited) the main problem is i dont know if my website connect with database phpmyadmin or not You mean MySQL. phpMyAdmin is a php script for managing a MySQL server from a web interface, it is not the database. In index.php you are calling session_start() within your HTML code. This function cannot be called in this way. This can only be called before any output has been sent to the browser. Anything you echo or text/html outside of the php (<?php ?>) tags is considered output. Call this function on the first line of any page that needs to use $_SESSION variables (eg index.php, login.php and logout.php). In login.php you are seem to be connecting to mysql twice mysql_connect('localhost','root','password')or die($connect_error); mysql_select_db('mkjb')or die($connect1_error); $con = mysql_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password) or die("Could not connect database"); mysql_select_db($mysql_db_database, $con) or die("Could not select database"); You only need to be call mysql_connect and mysql_select_db once to connect to the database. When checking to make sure your query returned a result, you want to be checking it returned 1 result not more than 1 if( $num_row >=1 ) Use == To make sure it only matched 1 record for the username/password that was given. if( $num_row == 1 ) { it only give inccorect password/username As for why you get the Wrong username or password message when logging in you need to debug your AJAX/JavaScript code. Edited November 3, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2013 Share Posted November 3, 2013 If he already has more than 1 matching record then checking for ==1 will let him add an infinite number more duplicates Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 3, 2013 Share Posted November 3, 2013 (edited) If he already has more than 1 matching record then checking for ==1 will let him add an infinite number more duplicates But this is for a log in. In this case you only want the query to match 1 record that matches the username/password. I guess adding LIMIT 1 to the query would be better? Edited November 3, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
alpine Posted November 3, 2013 Share Posted November 3, 2013 If you match 2 rows with the same username AND password, its impossible to differ those users apart. I would rather deny access under this circumstance rather than doing 'limit 1' that may give the wrong user access to his twin account. If user id 1 and user id 2 have the same creditentials, a default ascending query 'limit 1' login attemt performed by user 2 will give access to user id 1 account. A sensible design should as we all know prevent this from ever happening in the first place. I would match with rows = 1 or deny access Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.