Login Page Does Not Work Php and Mysql

[Somers95]

Hello, I was making a login page with PHP and Mysql and have managed to debug all the errors, but the page says 'Wrong Username or Password' even though i have typed in the right password from the table. 

 

I was wondering if anyone could help me. 

Thanks 

 

I have 4 php files:

main_login.php

check_login.php

login_success.php

logout.php 

 

Here is all the code: 

 

main_login.php:

<table>
	<tr>
		<form name="form1" method="post" action="check_login.php">
			<td>
				<table>
					<tr>
						<td><strong>Login form: </strong></td>
					</tr>
					
					<tr>
						<td>UserName</td>
						<td>:</td>
						<td><input name="myusername" type="text" id="myusername"/></td>
						
					</tr>
					<tr>
						<td>Password</td>
						<td>:</td>
						<td><input name="mypassword" type="text" id="mypassword"/>
							
						</td>
					</tr>
					<tr>
						<td> </td>
						<td> </td>
						<td><input type="Submit" name="Submit" value="Login"/></td>
					</tr>
						
				</table>
			</td>
		</form>
	</tr>
</table>



<?php


?>

 

check_login.php:

<?php
$host = "localhost"; 
$Username = "christopher";
$Password = "password";
$db_name = "test_db";
$tbl_name = "test";

	//CONNECT TO SERVER 
	mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT");
	mysql_select_db("$db_name") or die("CANNOT SELECT DB");
	
	//USERNAME AND PASSWORD FROM FORM
	$myusername=$_POST['myusername'];
	$mypassword=$_POST['mypassword'];
	
	//SECURITY PROTECTION
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	
	$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	 $result = mysql_query($sql);
	
	 $count = mysql_num_rows($result);
	$count = 1; 
	if($count == 1){
		session_register("myusername");
		session_register("mypassword");
		header("Location: http://localhost/login/2/login_success.php/");
		
	}	else {
		echo "Wrong Username Or Password";
	}
	
?>

login_success.php

<?php
	session_start();
	echo "login successful..";
	if(!session_is_registered(myusername)){
		header("location:main_login.php");
	}
?>

<html>
<body>
	LOGIN SUCCESSFUL
</body>
</html>

logout.php:

<?php 
session_start();
session_destroy();
?>

check_login.php

login_success.php

logout.php

main_login.php

[jairathnem]

I dont understand your logic in check_login.php

 

 

1. $count = mysql_num_rows($result);
2. $count = 1;
3. if($count == 1)

you get the count of rows returned from DB and store in $count, you re-assign $count to 1 and check if $count=1?   

[Ch0cu3r]

session__register and session_is_registered are depercated. Do not use them.

 

You use the $_SESSION variable adding data to the session. You use this variable like another variable.

 

So when setting the myusername and mypassword session items you use

$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example

echo 'myusername is: ' . $_SESSION['myusername'] . '<br />';
echo 'mypassword is: ' . $_SESSION['mypassword'];

[Somers95]

Yeah sorry i put $Count = 1 to just see if the it would login, providing the value was equal to 1. sorry about that confusion.

<?php
$host = "localhost"; 
$Username = "christopher";
$Password = "password";
$db_name = "test_db";
$tbl_name = "test";

	//CONNECT TO SERVER 
	mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT");
	mysql_select_db("$db_name") or die("CANNOT SELECT DB");
	
	//USERNAME AND PASSWORD FROM FORM
	$myusername=$_POST['myusername'];
	$mypassword=$_POST['mypassword'];
	
	//SECURITY PROTECTION
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	
	$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	 $result = mysql_query($sql);
	
	 $count = mysql_num_rows($result);
	
	if($count == 1){
		session_register("myusername");
		session_register("mypassword");
		header("Location: http://localhost/login/2/login_success.php/");
		
	}	else {
		echo "Wrong Username Or Password";
	}
	
?> 

[Jayden_Blade]

First Listen to Ch0cu3r...

 

session__register and session_is_registered are depercated. Do not use them.

 

You use the $_SESSION variable adding data to the session. You use this variable like another variable.

 

So when setting the myusername and mypassword session items you use

$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

To get the myusername and mypassword from the session use the $_SESSION['myusername'] and $_SESSION['mypassword'] variables, example

echo 'myusername is: ' . $_SESSION['myusername'] . '<br />';
echo 'mypassword is: ' . $_SESSION['mypassword'];

2nd Verify myusername is correct in spelling and capitalization. Verify mypassword is correct in spelling and capitalization.

[davidannis]

I believe that you should change

header("location:main_login.php");

to

header("Location: main_login.php");

Notice the capital L and the space after the colon. To be technically correct you should also use an absolute URL.

[mac_gyver]

the code you found on the Internet is so old and out of date that it won't even run under the latest php version. it also has a number of deficiencies, such as the login_success code won't prevent someone from accessing the protected page.

 

you would be better off just writing your own login code from scratch, rather than to copy/paste something you found on the Internet.