Aron2996 Posted March 6, 2014 Share Posted March 6, 2014 I'm trying to get the login feature for my website and I feel I'm almost there.. but whenever I try the feature with a valid username and password I get the echo ("Sorry, your credentials are invalid, Please try again") for an invalid username and/or password. <?php error_reporting(E_ALL); include("function.php"); //connection to Database is defined in function.php $host = "localhost"; //Host Name $username = "username"; //MySQL username $password = "password"; //MySQL password $db_name = "database"; // Database Name $tab_name = "users"; // Table Name // Grab User submitted information $username = $_POST["username"]; $password = $_POST["password"]; // Connect to the database $con = mysql_connect("localhost","root",""); // Make sure we connected succesfully if(! $con) { die('Connection Failed'.mysql_error()); } // Select the database to use mysql_select_db("database")or die("cannot connect to DB"); $sql = "SELECT * FROM $tab_name WHERE username='$username' and password='$password' limit 1"; $result = mysql_query($sql); while ($row = mysql_fetch_array($result)); if($row["username"]==$username && $row["password"]==$password) header("Location: http://localhost/SITE/Homepage.htm"); //echo"You are a validated user."; else echo"Sorry, your credentials are not valid, Please try again."; ?> Any suggestions that can ameliorate my situation would be greatly appreciated! (Been working on this for more than 2 weeks ) Quote Link to comment https://forums.phpfreaks.com/topic/286738-login-issues/ Share on other sites More sharing options...
ginerjm Posted March 6, 2014 Share Posted March 6, 2014 You don't reference a valid table name in your query as far as your code shows. You don't check to ensure the query statement actually ran. Is your username possibly a multi-word value? You don't include it in quotes in your test, which btw is meaningless since your query could only possibly obtain a match already. You turned on error checking but you don't display them. Are you checking your error log to see if there is a message there? Since this is in test still and not open to the public yet, try turning on 'display_errors' so you can see them as you test. Quote Link to comment https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471598 Share on other sites More sharing options...
sKunKbad Posted March 6, 2014 Share Posted March 6, 2014 You are on the path to destruction with this login script. You're not validating to escaping the variables that are being placed right into the query. You're also not hashing your passwords. Take a look at PDO or mysqli prepared statements, and hashing passwords is an absolute must. Also, unless you plan to take a long journey to learn all the ins and outs of authentication, you're better off using somebody elses code. I suggest a framework like Laravel, which has built in auth. Even on sites that are very small, you compromise your user's personal email accounts and more when you use weak authentication. Quote Link to comment https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471599 Share on other sites More sharing options...
Solution mac_gyver Posted March 6, 2014 Solution Share Posted March 6, 2014 the main reason your code isn't producing the result you expect is your while(){} loop, which you don't need any ways. after the end of your (empty) while loop, $row in a false value (the last value assigned to it.) since your query is expected to match either zero or one row, there's no point in using a loop to fetch the result from the query (if you did have a need to use a loop to fetch data from a query, you would use the fetched data inside the loop.) for your purpose, you would first test if the query worked at all, then test if it matched any row(s) to know if the username/password being tested in the query matched a row in the database table. then you would use just $row = mysql_fetch_array($result); (or even better yet learn to use the mysqli or PDO functions as has already been stated) to fetch that row (assuming you need to retrieve the user id for that row to remember who the logged in user is in a session variable.) Quote Link to comment https://forums.phpfreaks.com/topic/286738-login-issues/#findComment-1471644 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.