Jump to content

Login issues


Go to solution Solved by mac_gyver,

Recommended Posts

I'm trying to get the login feature for my website and I feel I'm almost there.. but whenever I try the feature with a valid username and password I get the echo ("Sorry, your credentials are invalid, Please try again") for an invalid username and/or password.

<?php
error_reporting(E_ALL);
include("function.php"); //connection to Database is defined in function.php
$host = "localhost"; //Host Name
$username = "username"; //MySQL username
$password = "password"; //MySQL password
$db_name = "database"; // Database Name
$tab_name = "users"; // Table Name

// Grab User submitted information
$username = $_POST["username"];
$password = $_POST["password"];

// Connect to the database
$con = mysql_connect("localhost","root","");
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("database")or die("cannot connect to DB");

$sql = "SELECT * FROM $tab_name WHERE username='$username' and password='$password' limit 1";

$result = mysql_query($sql);

while ($row = mysql_fetch_array($result));

if($row["username"]==$username && $row["password"]==$password)
header("Location: http://localhost/SITE/Homepage.htm");
    //echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";

?>

Any suggestions that can ameliorate my situation would be greatly appreciated! :)  (Been working on this for more than 2 weeks  :-\ )

Link to comment
https://forums.phpfreaks.com/topic/286738-login-issues/
Share on other sites

You don't reference a valid table name in your query as far as your code shows.

You don't check to ensure the query statement actually ran.

Is your username possibly a multi-word value?  You don't include it in quotes in your test, which btw is meaningless since your query could only possibly obtain a match already.

 

You turned on error checking but you don't display them.  Are you checking your error log to see if there is a message there?  Since this is in test still and not open to the public yet, try turning on 'display_errors' so you can see them as  you test.

Link to comment
https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471598
Share on other sites

You are on the path to destruction with this login script. You're not validating to escaping the variables that are being placed right into the query. You're also not hashing your passwords. Take a look at PDO or mysqli prepared statements, and hashing passwords is an absolute must. Also, unless you plan to take a long journey to learn all the ins and outs of authentication, you're better off using somebody elses code. I suggest a framework like Laravel, which has built in auth. Even on sites that are very small, you compromise your user's personal email accounts and more when you use weak authentication.

Link to comment
https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471599
Share on other sites

  • Solution

the main reason your code isn't producing the result you expect is your while(){} loop, which you don't need any ways. after the end of your (empty) while loop, $row in a false value (the last value assigned to it.)

 

since your query is expected to match either zero or one row, there's no point in using a loop to fetch the result from the query (if you did have a need to use a loop to fetch data from a query, you would use the fetched data inside the loop.) for your purpose, you would first test if the query worked at all, then test if it matched any row(s) to know if the username/password being tested in the query matched a row in the database table. then you would use just $row = mysql_fetch_array($result); (or even better yet learn to use the mysqli or PDO functions as has already been stated) to fetch that row (assuming you need to retrieve the user id for that row to remember who the logged in user is in a session variable.)

Link to comment
https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471644
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.