Andrew12313413 Posted January 21, 2014 Share Posted January 21, 2014 When I enter a combo of username/password credentials, the form isn't redirecting as it should <?php include('config.php'); @ob_start(); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); $row= mysql_fetch_array($result); $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { header('Location: welcome.php'); //header("Location: welcome.php"); } } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:14px; } label { font-weight:bold; width:100px; font-size:14px; } .box { border:#666666 solid 1px; } </style> </head> <body bgcolor="#FFFFFF"> <div align="center"> <div style="width:300px; border: solid 1px #333333; " align="left"> <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div> <div style="margin:30px"> <form action="" method="post"> <label>UserName :</label><input type="text" name="username" class="box"/><br /><br /> <label>Password :</label><input type="password" name="password" class="box" /><br/><br /> <input type="submit" value=" Submit " name="submit"/><br /> </form> <div style="font-size:11px; color:#cc0000; margin-top:10px"></div> </div> </div> </div> </body> <?php } ?> </html> Quote Link to comment Share on other sites More sharing options...
Mace Posted January 21, 2014 Share Posted January 21, 2014 Try to var_dump($count) right before your if($count==1) statement. See what the result of your count is. Also, it's better to use an exit; right after your header(Location) te prevent the code to continue after setting the header. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Also note that you could skip the mysql_num_rows() function altogether. The mysql_fetch_array() function returns false when there are no rows. Otherwise, it returns a value which will equate to true. // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header('Location: welcome.php'); exit; } Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 Still not working for me, this is my code with your suggestion <?php include('config.php'); @ob_start(); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); $row= mysql_fetch_array($result); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); } } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:14px; } label { font-weight:bold; width:100px; font-size:14px; } .box { border:#666666 solid 1px; } </style> </head> <body bgcolor="#FFFFFF"> <div align="center"> <div style="width:300px; border: solid 1px #333333; " align="left"> <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div> <div style="margin:30px"> <form action="" method="post"> <label>UserName :</label><input type="text" name="username" class="box"/><br /><br /> <label>Password :</label><input type="password" name="password" class="box" /><br/><br /> <input type="submit" value=" Submit " name="submit"/><br /> </form> <div style="font-size:11px; color:#cc0000; margin-top:10px"></div> </div> </div> </div> </body> <?php } ?> </html> Quote Link to comment Share on other sites More sharing options...
Mace Posted January 21, 2014 Share Posted January 21, 2014 try echo $sql;exit; right after setting your statement. Then copy paste the query that is outputted in your phpMyAdmin or any other database program you're using. See if your query event works. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Your calling mysql_fetch_array() twice. The first one processes the row leaving the second one with no results. Remove the first function call. $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); $row= mysql_fetch_array($result); //<-- REMOVE THIS // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } Also, remember to add the call to "exit" after the header() function. Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 (edited) <?php include('config.php'); @ob_start(); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:14px; } label { font-weight:bold; width:100px; font-size:14px; } .box { border:#666666 solid 1px; } </style> </head> <body bgcolor="#FFFFFF"> <div align="center"> <div style="width:300px; border: solid 1px #333333; " align="left"> <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div> <div style="margin:30px"> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> <label>UserName :</label><input type="text" name="username" class="box"/><br /><br /> <label>Password :</label><input type="password" name="password" class="box" /><br/><br /> <input type="submit" value=" Submit " name="submit"/><br /> </form> <div style="font-size:11px; color:#cc0000; margin-top:10px"></div> </div> </div> </div> </body> <?php } ?> </html> Removed the conflicting $row and added exit; yet it is still not working. Edited January 21, 2014 by Andrew12313413 Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Did you try displaying the POST variables to see if they contain what you expect? For example, you could trying something like this: <?php print '<pre>' . print_r($_POST, true) . '</pre>'; include('config.php'); @ob_start(); if (isset($_POST['submit'])) //... ?> Note that you'll probably see some errors when the form first appears. But the form information should be displayed once the form is submitted. Also note that you'll want to check out the following article regarding the use of PHP_SELF as the form action: http://seancoates.com/blogs/xss-woes Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 Corrections: Using a separate file for login check: processlogin.php Here the code for that: <?php include('config.php'); @ob_start(); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } } i used the following function and it returned the username/password as an array, print '<pre>' . print_r($_POST, true) . '</pre>'; So I'm guessing that there must be something I'm not seeing in my SQL exec Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Perhaps you're getting a SQL error. As written, the code won't show the errors since output buffering is turned on. Try commenting out the ob_start() function: <?php include('config.php'); // @ob_start(); if (isset($_POST['submit'])) //... Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 I tried that, but no luck yet. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Did you try Mace's suggestion? http://forums.phpfreaks.com/topic/285553-login-form-not-working/?do=findComment&comment=1466008 Note that you'll need to comment out the output buffering line. Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 When I try that I'm not seeing any output Did you try Mace's suggestion? http://forums.phpfreaks.com/topic/285553-login-form-not-working/?do=findComment&comment=1466008 Note that you'll need to comment out the output buffering line. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 When you submit the form, what happens? Does the form appear again, does it display a blank page, etc.? Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 When you submit the form, what happens? Does the form appear again, does it display a blank page, etc.? Yea, I get a blank page. Thanks for your continued help on this. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Thanks for your continued help on this. No problem Have you tried echoing something inside the if construct? For example <?php include('config.php'); // @ob_start(); if (isset($_POST['submit'])) { echo 'here'; //... If it displays "here", try displaying the SQL query: $sql = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; echo $sql; Quote Link to comment Share on other sites More sharing options...
Mace Posted January 21, 2014 Share Posted January 21, 2014 and I was wondering why you were buffering your output with ob_start(); but i see that cyberRobot already put it in comments in his post. Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 I removed the @ob_start(); <?php include('config.php'); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } } ?> I'm still seeing a blank page @processlogin.php Quote Link to comment Share on other sites More sharing options...
Mace Posted January 21, 2014 Share Posted January 21, 2014 Did you check what cyberRobot suggested? first an echo "here"; and then after the $sql echo $sql; Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 Some pregress: When I try that $sql; exit; I get the following SELECT * FROM users WHERE username='admin' and password='admin' So why isn't it redirecting as it should? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Does your database contain an entry which has the username set to "admin" and the corresponding password set to "admin"? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 21, 2014 Share Posted January 21, 2014 Note that you can check if the query returned matches by adding the echo statement below: //... $result= mysql_query($sql) or die(mysql_error()); echo 'Number of matches: ' . mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } //... Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 I tried that, but the form isn't even doing anything, it should display processlogin.php Here's the code I have: <?php include('config.php'); if (isset($_POST['submit'])) { $username= $_POST['username']; $password= $_POST['password']; $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result= mysql_query($sql) or die(mysql_error()); echo 'Number of matches:' . mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($row = mysql_fetch_array($result)) { header("Location: welcome.php"); exit; } } ?> Quote Link to comment Share on other sites More sharing options...
Andrew12313413 Posted January 21, 2014 Author Share Posted January 21, 2014 and yeah both the username and password correspond to each other Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted January 21, 2014 Share Posted January 21, 2014 you have stated the form isn't doing anything, apparently not going to the processlogin.php page AND you have echoed the $sql variable and it contains what you expect. both of those events cannot be occurring at the same time. what is your current form and current form processing code and please start posting any code from each file using the forum's bbcode tags (the edit form's <> button). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.