Jump to content

need help fix my coding

daruga

By daruga
in PHP Coding Help

 Share

Recommended Posts

daruga Newbie

daruga

Posted
  • Author
Posted (edited)

my problem....our login page not working...need help forum how to fix it and i neeed some advice on php..3 main page 

1)index.php

2/login.php

3)logout.php

 

the main problem is i dont know if my website connect with database phpmyadmin or not....it only give inccorect password/username

Edited by daruga
Link to comment
Share on other sites
daruga Newbie

daruga

Posted
  • Author
Posted 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="jquery.js"></script>
<link rel="stylesheet" href="styles.css" type="text/css" />
<title>Login Form</title>
<script type="text/javascript">
$(document).ready(function(){
	
   $("#login").click(function(){
		username=$("#user_name").val();
        password=$("#password").val();

         $.ajax({
            type: "POST",
           url: "login.php",
            data: "username="+username+"&password="+password,


            success: function(html){
			
			  if(html=='true')
              {
                $("#login_form").fadeOut("normal");
				$("#shadow").fadeOut();
				$("#profile").html("<a href='logout.php' class='red' id='logout'>Logout</a>");
				// You can redirect to other page here....
              }
              else
              {
                    $("#add_err").html("Wrong username or password");
              }
            },
            beforeSend:function()
			{
                 $("#add_err").html("Loading...")
            }
        });
         return false;
    });
});
</script>
</head>
<body>
<?php session_start(); ?>
	<div id="profile">
     	<?php
   	if(isset($_SESSION['username'])){
			?>
	<a href='logout.php'>Logout</a>
		<?php } ?>
	</div>
</body>
<?php 
if(empty($_SESSION['username'])){?>
<div class="container" id="login_form">
	<section id="content">
		<form action="login.php">
			<h1>Login Form</h1>
			<div>
				<input type="text" placeholder="Username" required="" id="user_id"  name="username"/>
			</div>
			<div>
				<input type="password" placeholder="Password" required="" id="password"  name="password"/>
			</div>
		        <div class="err" id="add_err"></div>
			<div>
					<input type="submit" value="Log in" id="login"  />
				<a href="#">Lost your password?</a>
				<a href="#">Register</a>
			</div>
		</form><!-- form -->
		<div class="button">
			
		</div><!-- button -->
	</section><!-- content -->
</div>
<?php }?>
<!-- container -->
</html>

index.php

Link to comment
Share on other sites
daruga Newbie

daruga

Posted
  • Author
Posted 
<?php
session_start();

$username = $_POST['username'];
$password = md5($_POST['password']);

$connect_error = 'sorry we have downtime problem ';
$connect1_error = 'database connection error ';
mysql_connect('localhost','root','password')or die($connect_error); 
mysql_select_db('mkjb')or die($connect1_error);

$con = mysql_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password) or die("Could not connect database");
mysql_select_db($mysql_db_database, $con) or die("Could not select database");

$query = "SELECT * FROM registered_users WHERE name='$username' AND password='$password'";
$result = mysql_query($query)or die(mysql_error());
$num_row = mysql_num_rows($result);
		$row=mysql_fetch_array($result);
		if( $num_row >=1 ) {

			echo 'true';
			$_SESSION['user_name']=$row['name'];			
			
		}
		else{
			echo 'false';
		}
?>

login.php

Link to comment
Share on other sites
Ch0cu3r Newbie

Ch0cu3r

Posted
Posted (edited)

 

the main problem is i dont know if my website connect with database phpmyadmin or not

You mean MySQL. phpMyAdmin is a php script for managing a MySQL server from a web interface, it is not the database.

 

In index.php you are calling session_start() within your HTML code. This function cannot be called in this way. This can only be called before any output has been sent to the browser. Anything you echo or text/html outside of the php (<?php ?>) tags is considered output. Call this function on the first line of any page that needs to use $_SESSION variables (eg index.php, login.php and logout.php).

 

In login.php you are seem to be connecting to mysql twice

mysql_connect('localhost','root','password')or die($connect_error); 
mysql_select_db('mkjb')or die($connect1_error);

$con = mysql_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password) or die("Could not connect database");
mysql_select_db($mysql_db_database, $con) or die("Could not select database");

You only need to be call mysql_connect and mysql_select_db once to connect to the database.

When checking to make sure your query returned a result, you want to be checking it returned 1 result not more than 1

if( $num_row >=1 )

Use   == To make sure it only matched 1 record for the username/password that was given.

if( $num_row == 1 ) {

 

it only give inccorect password/username

As for why you get the Wrong username or password message when logging in you need to debug your AJAX/JavaScript code.

Edited by Ch0cu3r
Link to comment
Share on other sites
Ch0cu3r Newbie

Ch0cu3r

Posted
Posted (edited)

If he already has more than 1 matching record then checking for ==1 will let him add an infinite number more duplicates

But this is for a log in. In this case you only want the query to match 1 record that matches the username/password. I guess adding LIMIT 1 to the query would be better?

Edited by Ch0cu3r
Link to comment
Share on other sites
alpine Member

alpine

Posted
Posted

If you match 2 rows with the same username AND password, its impossible to differ those users apart. I would rather deny access under this circumstance rather than doing 'limit 1' that may give the wrong user access to his twin account.

If user id 1 and user id 2 have the same creditentials, a default ascending query 'limit 1' login attemt performed by user 2 will give access to user id 1 account.

 

A sensible design should as we all know prevent this from ever happening in the first place.

 

I would match with rows = 1 or deny access
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.