Jump to content

Recommended Posts

Hey so this is my login script but when i enter something into the username and password box and submit it, the page just refreshes.

 

<?php


echo "


<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' placeholder='Enter your username'>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' placeholder='Enter your password'>
</td>
<td>
<input type='submit' value='login' name='submit'>
</td>
</tr>
</form>
";


$host = "localhost";
$username = "root";
$password = "";
$db_name = "website";


mysql_connect("$host", "$username", "$password") or die("Could not connect");
mysql_select_db("$db_name") or die("Could not find database");


if(isset($_POST['submit'])) {
if(!empty($_POST['username'])) {
$sql = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);


if($count==1) {
$row = mysql_fetch_array($sql);
$bancheck = mysql_query($row);
if($row['active']==0 && count==0) {
include 'userban.html';
} else if($count==1 && $bancheck==1) {
$_SESSION['username'] = "$username";
include '/home/user/index.php';
} else {
echo "You entered invalid information";
}
}
}
}


?>
Edited by Ch0cu3r
Link to comment
https://forums.phpfreaks.com/topic/291911-php-login-script-need-help-please/
Share on other sites

1. Don't use mysql functions, they are depreciated.  Use PDO or mysqli.

2. You are not sanitizing any inputs, this is bad, and can lead to server hijacks.

3. You do not have error checking or display errors set (you should have this enabled for all development), or you would see multiple problems with this code.

Top of script

error_reporting(-1);ini_set('display_errors',1);

4. You are checking each username against your database password.

5. You are trying to query the database with an array from the database.

$row = mysql_fetch_array($sql);$bancheck = mysql_query($row);
6. You are trying to use a constant that hasn't been defined, perhaps you mean it to be a variable (php will try to interpret it as a string, which means it will always fail in this instance).
if($row['active']==0 && [b]count[/b]==0) {

That is all I see at a quick glance.
Edited by jcbones

I am now getting this error Catchable fatal error: Object of class mysqli could not be converted to string in /home/nebulafiles/public_html/testlog.php on line 11

<?phperror_reporting(-1);ini_set('display_errors',1);




$host = "localhost";
$username= "nebulafi_syst3m";
$password = "Kuxx#Hd6u9gC";
$db_name = "nebulafi_syst3m";


$connect = mysqli_connect("$host", "$username", "$password")or die("Connection Failed.");
$selectdb = mysqli_select_db("$db_name", "$connect")or die("DB Not Found.");




?>
    
                 <html>
<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' placeholder='Enter your username'>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' placeholder='Enter your password'>
</td>
<td>
<input type='submit' value='login' name='submit'>
</td>
</tr>
</form>
</html>
Edited by Ch0cu3r
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.