Jump to content

Recommended Posts

Hello, I was making a login page with PHP and Mysql and have managed to debug all the errors, but the page says 'Wrong Username or Password' even though i have typed in the right password from the table. 

 

I was wondering if anyone could help me. 

Thanks 

 

I have 4 php files:

main_login.php

check_login.php

login_success.php

logout.php 

 

Here is all the code: 

 

main_login.php:

<table>
	<tr>
		<form name="form1" method="post" action="check_login.php">
			<td>
				<table>
					<tr>
						<td><strong>Login form: </strong></td>
					</tr>
					
					<tr>
						<td>UserName</td>
						<td>:</td>
						<td><input name="myusername" type="text" id="myusername"/></td>
						
					</tr>
					<tr>
						<td>Password</td>
						<td>:</td>
						<td><input name="mypassword" type="text" id="mypassword"/>
							
						</td>
					</tr>
					<tr>
						<td> </td>
						<td> </td>
						<td><input type="Submit" name="Submit" value="Login"/></td>
					</tr>
						
				</table>
			</td>
		</form>
	</tr>
</table>



<?php


?>

 

check_login.php:

<?php
$host = "localhost"; 
$Username = "christopher";
$Password = "password";
$db_name = "test_db";
$tbl_name = "test";

	//CONNECT TO SERVER 
	mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT");
	mysql_select_db("$db_name") or die("CANNOT SELECT DB");
	
	//USERNAME AND PASSWORD FROM FORM
	$myusername=$_POST['myusername'];
	$mypassword=$_POST['mypassword'];
	
	//SECURITY PROTECTION
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	
	$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	 $result = mysql_query($sql);
	
	 $count = mysql_num_rows($result);
	$count = 1; 
	if($count == 1){
		session_register("myusername");
		session_register("mypassword");
		header("Location: http://localhost/login/2/login_success.php/");
		
	}	else {
		echo "Wrong Username Or Password";
	}
	
?>

login_success.php

<?php
	session_start();
	echo "login successful..";
	if(!session_is_registered(myusername)){
		header("location:main_login.php");
	}
?>

<html>
<body>
	LOGIN SUCCESSFUL
</body>
</html>

logout.php:

<?php 
session_start();
session_destroy();
?>

check_login.php

login_success.php

logout.php

main_login.php

Link to comment
https://forums.phpfreaks.com/topic/284132-login-page-does-not-work-php-and-mysql/
Share on other sites

session__register and session_is_registered are depercated. Do not use them.

 

You use the $_SESSION variable adding data to the session. You use this variable like another variable.

 

So when setting the myusername and mypassword session items you use

$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example

echo 'myusername is: ' . $_SESSION['myusername'] . '<br />';
echo 'mypassword is: ' . $_SESSION['mypassword'];

Yeah sorry i put $Count = 1 to just see if the it would login, providing the value was equal to 1. sorry about that confusion.

<?php
$host = "localhost"; 
$Username = "christopher";
$Password = "password";
$db_name = "test_db";
$tbl_name = "test";

	//CONNECT TO SERVER 
	mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT");
	mysql_select_db("$db_name") or die("CANNOT SELECT DB");
	
	//USERNAME AND PASSWORD FROM FORM
	$myusername=$_POST['myusername'];
	$mypassword=$_POST['mypassword'];
	
	//SECURITY PROTECTION
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	
	$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	 $result = mysql_query($sql);
	
	 $count = mysql_num_rows($result);
	
	if($count == 1){
		session_register("myusername");
		session_register("mypassword");
		header("Location: http://localhost/login/2/login_success.php/");
		
	}	else {
		echo "Wrong Username Or Password";
	}
	
?> 

First Listen to Ch0cu3r...

 

session__register and session_is_registered are depercated. Do not use them.

 

You use the $_SESSION variable adding data to the session. You use this variable like another variable.

 

So when setting the myusername and mypassword session items you use

$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example

echo 'myusername is: ' . $_SESSION['myusername'] . '<br />';
echo 'mypassword is: ' . $_SESSION['mypassword'];

2nd Verify myusername is correct in spelling and capitalization. Verify mypassword is correct in spelling and capitalization.

I believe that you should change

header("location:main_login.php");

to

header("Location: main_login.php");

Notice the capital L and the space after the colon. To be technically correct you should also use an absolute URL.

Edited by davidannis

the code you found on the Internet is so old and out of date that it won't even run under the latest php version. it also has a number of deficiencies, such as the login_success code won't prevent someone from accessing the protected page.

 

you would be better off just writing your own login code from scratch, rather than to copy/paste something you found on the Internet.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.