Somers95 Posted November 21, 2013 Share Posted November 21, 2013 Hello, I was making a login page with PHP and Mysql and have managed to debug all the errors, but the page says 'Wrong Username or Password' even though i have typed in the right password from the table. I was wondering if anyone could help me. Thanks I have 4 php files: main_login.php check_login.php login_success.php logout.php Here is all the code: main_login.php: <table> <tr> <form name="form1" method="post" action="check_login.php"> <td> <table> <tr> <td><strong>Login form: </strong></td> </tr> <tr> <td>UserName</td> <td>:</td> <td><input name="myusername" type="text" id="myusername"/></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="mypassword" type="text" id="mypassword"/> </td> </tr> <tr> <td> </td> <td> </td> <td><input type="Submit" name="Submit" value="Login"/></td> </tr> </table> </td> </form> </tr> </table> <?php ?> check_login.php: <?php $host = "localhost"; $Username = "christopher"; $Password = "password"; $db_name = "test_db"; $tbl_name = "test"; //CONNECT TO SERVER mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT"); mysql_select_db("$db_name") or die("CANNOT SELECT DB"); //USERNAME AND PASSWORD FROM FORM $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; //SECURITY PROTECTION $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $count = 1; if($count == 1){ session_register("myusername"); session_register("mypassword"); header("Location: http://localhost/login/2/login_success.php/"); } else { echo "Wrong Username Or Password"; } ?> login_success.php <?php session_start(); echo "login successful.."; if(!session_is_registered(myusername)){ header("location:main_login.php"); } ?> <html> <body> LOGIN SUCCESSFUL </body> </html> logout.php: <?php session_start(); session_destroy(); ?> check_login.php login_success.php logout.php main_login.php Quote Link to comment Share on other sites More sharing options...
jairathnem Posted November 21, 2013 Share Posted November 21, 2013 I dont understand your logic in check_login.php $count = mysql_num_rows($result); $count = 1; if($count == 1) you get the count of rows returned from DB and store in $count, you re-assign $count to 1 and check if $count=1? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 21, 2013 Share Posted November 21, 2013 session__register and session_is_registered are depercated. Do not use them. You use the $_SESSION variable adding data to the session. You use this variable like another variable. So when setting the myusername and mypassword session items you use $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example echo 'myusername is: ' . $_SESSION['myusername'] . '<br />'; echo 'mypassword is: ' . $_SESSION['mypassword']; Quote Link to comment Share on other sites More sharing options...
Somers95 Posted November 21, 2013 Author Share Posted November 21, 2013 Yeah sorry i put $Count = 1 to just see if the it would login, providing the value was equal to 1. sorry about that confusion. <?php $host = "localhost"; $Username = "christopher"; $Password = "password"; $db_name = "test_db"; $tbl_name = "test"; //CONNECT TO SERVER mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT"); mysql_select_db("$db_name") or die("CANNOT SELECT DB"); //USERNAME AND PASSWORD FROM FORM $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; //SECURITY PROTECTION $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count == 1){ session_register("myusername"); session_register("mypassword"); header("Location: http://localhost/login/2/login_success.php/"); } else { echo "Wrong Username Or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
Jayden_Blade Posted November 21, 2013 Share Posted November 21, 2013 First Listen to Ch0cu3r... session__register and session_is_registered are depercated. Do not use them. You use the $_SESSION variable adding data to the session. You use this variable like another variable. So when setting the myusername and mypassword session items you use $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example echo 'myusername is: ' . $_SESSION['myusername'] . '<br />'; echo 'mypassword is: ' . $_SESSION['mypassword']; 2nd Verify myusername is correct in spelling and capitalization. Verify mypassword is correct in spelling and capitalization. Quote Link to comment Share on other sites More sharing options...
davidannis Posted November 21, 2013 Share Posted November 21, 2013 (edited) I believe that you should change header("location:main_login.php"); to header("Location: main_login.php"); Notice the capital L and the space after the colon. To be technically correct you should also use an absolute URL. Edited November 21, 2013 by davidannis Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted November 21, 2013 Share Posted November 21, 2013 the code you found on the Internet is so old and out of date that it won't even run under the latest php version. it also has a number of deficiencies, such as the login_success code won't prevent someone from accessing the protected page. you would be better off just writing your own login code from scratch, rather than to copy/paste something you found on the Internet. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.