dean012 Posted November 28, 2013 Share Posted November 28, 2013 it wont echo out echo " successsfully login!".$_SESSION['login']; or <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR...l1-strict.dtd"> <!-- --> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta name="keywords" content="" /> <meta name="description" content="" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Yakity Yak</title> <link href='http://fonts.googlea...=Oswald:400,300' rel='stylesheet' type='text/css'> <link href='http://fonts.googlea...css?family=Abel|Satisfy' rel='stylesheet' type='text/css'> <link href="style.css" rel="stylesheet" type="text/css" media="screen" /> </head> <body> <div id="wrapper"> <p><!-- end #header --></p> <div id="header" class="container"> <div id="logo"> <h1><a href="#">Yakity Yak</a></h1> </div> <div id="menu"> <ul> <li class="current_page_item"><a href="homepage.php">Homepage</a></li> <li><a href="trip.php">Destinations</a></li> <li><a href="contact.php">contact </a></li> <li><a href="login.php">Login</a></li> <li><a href="#">Leader</a></li> <li></li> <li></li> </ul> </div> </div> <blockquote> <blockquote> <p> <center><img src="sd.jpg" width="999" height="300" alt=""/></center> </p> </blockquote> </blockquote> <div id="page"> <div class="post"> <h2 class="title"><a href="#">Welcome to Yakity yak club</a></h2> <h1>Login</h1> <form action='' method='post'> Username: <input type='text' name='username'/></br> password: <input type='password' name='password'/></br> <input type='submit' value='Login 'name='login'/> </form> </body> </html> <div class="entry"> </div> </div> </div> </body> </html> <?php $connect=mysql_connect("localhost","root",""); $db_selected = mysql_select_db("users", $connect); if(isset($_POST['login'])){ $username= $_POST['username']; $password= $_POST['password']; if(!$username || !$password){ echo "Fields were empty.<a href='registration.php'>Back</a>"; }else{ $find_multiple=" SELECT username FROM resgistration WHERE username='$username' "; $query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error()); $query_username=$query['username']; $query_password=$query['password']; if($username="$query_username" && $password="$query_password"){ $_SESSION['login']=$username; echo " successsfully login!".$_SESSION['login']; }else{ echo "Invalid info"; } } } ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted November 28, 2013 Share Posted November 28, 2013 you need to call session_start() at top of every page using $_SESSION. It must be called before any output is sent to the browser including HTML output. Quote Link to comment Share on other sites More sharing options...
dean012 Posted November 28, 2013 Author Share Posted November 28, 2013 Notice: Undefined index: password in C:\Users\User\Desktop\lo\htdocs\login1.php on line 84 Quote Link to comment Share on other sites More sharing options...
Barand Posted November 28, 2013 Share Posted November 28, 2013 (edited) you only select username so there is no password in the row. This is pretty useless exercise $find_multiple=" SELECT username FROM resgistration WHERE username='$username' "; You only need to select the password, you already know the username Edited November 28, 2013 by Barand Quote Link to comment Share on other sites More sharing options...
dean012 Posted November 28, 2013 Author Share Posted November 28, 2013 ? Quote Link to comment Share on other sites More sharing options...
dean012 Posted November 28, 2013 Author Share Posted November 28, 2013 ahh i get it Quote Link to comment Share on other sites More sharing options...
dean012 Posted November 28, 2013 Author Share Posted November 28, 2013 (edited) i ediited the code $find_multiple=" SELECT username FROM resgistration WHERE username='$username', "; $find_multiple=" SELECT password FROM resgistration WHERE password='$password', "; $query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error()); it came out Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\lo\htdocs\login1.php on line 82You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Edited November 28, 2013 by dean012 Quote Link to comment Share on other sites More sharing options...
Barand Posted November 28, 2013 Share Posted November 28, 2013 (edited) }else{ $find_multiple=" SELECT password FROM resgistration WHERE username='$username' "; $result = mysql_query($find_multiple ) or die (mysql_error()); $query=mysql_fetch_assoc($result); if (mysql_num_rows($result)==1) { if($password==$query['password']){ $_SESSION['login']=$username; echo " successsfully login!".$_SESSION['login']; }else{ echo "Invalid info"; } } else { echo "Invalid info"; } } Edited November 28, 2013 by Barand Quote Link to comment Share on other sites More sharing options...
aysiu Posted November 29, 2013 Share Posted November 29, 2013 i ediited the code $find_multiple=" SELECT username FROM resgistration WHERE username='$username', "; $find_multiple=" SELECT password FROM resgistration WHERE password='$password', "; $query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error()); it came out Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\lo\htdocs\login1.php on line 82 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 This code doesn't make sense. 1. You define $find_multiple as one query, and then in the next line, you completely overwrite the first query with a second query. 2. As someone mentioned earlier, there's no point in selecting out something you already know. Your first query (that gets overwritten) says "Select the username I already know if the username matches the username I already know." Then your second query says "Select the password I already know if the password matches the password I already know." 3. Also, this isn't necessarily an error, but it looks very suspicious: is your table name actually resgistration and not registration? 4. The mysql_ extension is deprecated. You should use mysqli or PDO. 5. It seems as if you're storing your passwords in plain text instead of encrypting them. You should encrypt them. Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 29, 2013 Share Posted November 29, 2013 Just a side note for the above, you should hash passwords instead of encrypting unless you have a VERY good reason not too, which is almost never. Quote Link to comment Share on other sites More sharing options...
aysiu Posted November 29, 2013 Share Posted November 29, 2013 Sorry. My bad. Yes, please hash instead of encrypting! $hash=password_hash($password, PASSWORD_DEFAULT); And later, to check an entered password: if(password_verify($password, $hash)){ echo 'It matches.'; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.