it wont echo out

[dean012]

it wont echo out

echo " successsfully login!".$_SESSION['login']; or

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR...l1-strict.dtd">
<!--
 
 
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Yakity Yak</title>
<link href='http://fonts.googlea...=Oswald:400,300' rel='stylesheet' type='text/css'>
<link href='http://fonts.googlea...css?family=Abel|Satisfy' rel='stylesheet' type='text/css'>
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="wrapper">
 
  <p><!-- end #header --></p>
  <div id="header" class="container">
    <div id="logo">
      <h1><a href="#">Yakity Yak</a></h1>
    </div>
    <div id="menu">
      <ul>
        <li class="current_page_item"><a href="homepage.php">Homepage</a></li>
        <li><a href="trip.php">Destinations</a></li>
        <li><a href="contact.php">contact </a></li>
        <li><a href="login.php">Login</a></li>
<li><a href="#">Leader</a></li>
        <li></li>
        <li></li>
      </ul>
    </div>
  </div>
  <blockquote>
    <blockquote>
      <p> <center><img src="sd.jpg" width="999" height="300"  alt=""/></center>  </p>
    </blockquote>
  </blockquote>
  <div id="page">
    <div class="post">
      <h2 class="title"><a href="#">Welcome to Yakity yak club</a></h2>
<h1>Login</h1>
<form action='' method='post'>
Username: <input type='text' name='username'/></br>
password: <input type='password' name='password'/></br>
<input type='submit' value='Login 'name='login'/>

</form> 
 
</body>
</html>
 
<div class="entry">
 
</div>
    </div>
  </div>

</body>
</html>
 
 
<?php
$connect=mysql_connect("localhost","root","");
$db_selected = mysql_select_db("users", $connect); 
if(isset($_POST['login'])){
	
	$username= $_POST['username'];
	$password= $_POST['password'];
	
	if(!$username || !$password){
	echo "Fields were empty.<a href='registration.php'>Back</a>";

	}else{
	
	$find_multiple=" SELECT username FROM resgistration WHERE username='$username' ";
	$query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error());
		
		$query_username=$query['username'];
		$query_password=$query['password'];
		
			if($username="$query_username" && $password="$query_password"){
			
			$_SESSION['login']=$username;
			echo " successsfully login!".$_SESSION['login'];
			
			}else{
			echo "Invalid info";
	
	
	}
}
}
?>

[Barand]

you need to call session_start() at top of every page using $_SESSION.

 

It must be called before any output is sent to the browser including HTML output.

[dean012]

Notice: Undefined index: password in C:\Users\User\Desktop\lo\htdocs\login1.php on line 84

[Barand]

you only select username so there is no password in the row.

 

This is pretty useless exercise

$find_multiple=" SELECT username FROM resgistration WHERE username='$username' ";

You only need to select the password, you already know the username

[dean012]

?

[dean012]

ahh i get it

[dean012]

i ediited the code

$find_multiple=" SELECT username FROM resgistration WHERE username='$username',  ";
	$find_multiple=" SELECT password FROM resgistration WHERE password='$password',  ";
	$query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error());

it came out

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\lo\htdocs\login1.php on line 82
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

[Barand]

    }else{


        $find_multiple=" SELECT password FROM resgistration WHERE username='$username' ";

        $result = mysql_query($find_multiple ) or die (mysql_error());

        $query=mysql_fetch_assoc($result);

        if (mysql_num_rows($result)==1) {


            if($password==$query['password']){


                $_SESSION['login']=$username;

                echo " successsfully login!".$_SESSION['login'];


            }else{

                echo "Invalid info";

            }


        } else {

            echo "Invalid info";

        }    

    }

 

[aysiu]

i ediited the code

$find_multiple=" SELECT username FROM resgistration WHERE username='$username',  ";
	$find_multiple=" SELECT password FROM resgistration WHERE password='$password',  ";
	$query=mysql_fetch_assoc(mysql_query($find_multiple ))or die (mysql_error());

it came out

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\lo\htdocs\login1.php on line 82

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

This code doesn't make sense.

 

1. You define $find_multiple as one query, and then in the next line, you completely overwrite the first query with a second query.

 

2. As someone mentioned earlier, there's no point in selecting out something you already know. Your first query (that gets overwritten) says "Select the username I already know if the username matches the username I already know." Then your second query says "Select the password I already know if the password matches the password I already know."

 

3. Also, this isn't necessarily an error, but it looks very suspicious: is your table name actually resgistration and not registration?

 

4. The mysql_ extension is deprecated. You should use mysqli or PDO.

 

5. It seems as if you're storing your passwords in plain text instead of encrypting them. You should encrypt them.

[MDCode]

Just a side note for the above, you should hash passwords instead of encrypting unless you have a VERY good reason not too, which is almost never.

[aysiu]

Sorry. My bad. Yes, please hash instead of encrypting!

 

$hash=password_hash($password, PASSWORD_DEFAULT);

And later, to check an entered password:

if(password_verify($password, $hash)){
echo 'It matches.';
}