Need help. PHP/MySQL login form

[RexRon]

Hello! I hope someone can help me with this. I will try to explain as best I can.

 

I have a login form on my page. I´m trying to make this work by using php and MySQL.

Heres the form: http://perfectnme.com (click the red button on the right. Username and password: admin).

 

I have managed to connect to the database as I´m not getting "wrong Password" and such.

However, I´m having trouble with redirecting after filling in correct username and password. Instead of redirecting to "login_success.php", I´m getting stuck on "checklogin.php" which looks like this:

 

 The tutorial I followed can be found here: http://www.phpeasystep.com/phptu/6.html

 

The only way I dffered from the tutorial is that instead of creating a file called "main_login.php", I edited the code in my page which is a HTML file. Here´s the portion with the form:

<div> 
  <!-- Button to open the modal login form -->
<button onclick="document.getElementById('id01').style.display='block'">Login Here</button>

<!-- The Modal -->
<div id="id01" class="modal">
  <span onclick="document.getElementById('id01').style.display='none'" 
class="close" title="Close Modal">×</span>

  <!-- Modal Content -->
  <form class="modal-content animate" name="form1" method="post" action="checklogin.php">
    <div class="imgcontainer_form">
      <img src="images/form_image.png" alt="PNME" class="avatar_form">
    </div>

    <div class="container">
      <label><b>Username</b></label>
      <input type="text" placeholder="Enter Username" name="myusername" id="myusername" required>

      <label><b>Password</b></label>
      <input type="password" placeholder="Enter Password" name="mypassword" id="mypassword" required>

      <button type="submit" name="Submit">Login</button>
      <input type="checkbox" Schecked="checked"> Remember me
    </div>

    <div class="container" style="background-color:#f1f1f1">
      <button type="button" onclick="document.getElementById('id01').style.display='none'" class="cancelbtn">Cancel</button>
      <span class="psw">Don´t have a user but would like to book us? <a href="#"><b>CLICK HERE</b></a> to get in touch!  </span>
    </div>
  </form>
</div>

The rest of the code resides in their respective files:

 

checklogin.php:

<?php

$host="**********"; // Host name 
$username="***********"; // Mysql username 
$password="************"; // Mysql password 
$db_name="*************"; // Database name 
$tbl_name="************"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

loginsuccess.php:

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>

I am aware of the "location:main_login.php" but I have tried to change this to an exisiting page but with no success.

 

logout.php:

<?php 
session_start();
session_destroy();
?>

I know there are minds out there a billion times brighter than mine   And I would greatly appreciate any help you can give me!

 

Sincerely

Ronny

[benanamen]

That tutorial is complete obsolete junk. Throw it away now and don't spend another second with it. You need to use PDO. They also want you to use MD5 to "encrypt" your password which is also very bad.

 

There is no 'fixing' this code. That 'tutorial' should be removed from the internet.

 

https://phpdelusions.net/pdo

Edited November 15, 2016 by benanamen

[RexRon]

Thanks for the info. I´ll be sure to do that next time but I really don´t feel like starting over on this one 

Any way to save it?

[Jacques1]

The tutorial is garbage from top to bottom. It must have been written ~20 years ago and never updated since. A lot of the functions don't even exist in modern PHP versions. In other words, you'll have to start over in any case -- and I doubt you'll want to rewrite the entire application when it has grown and is already in use.

 

So now is the best time. If you read the above PDO tutorial, use the new password hash API and exercise common sense, your code will be much, much better than any “tutorial” on the Internet.

[cyberRobot]

As others mentioned, the script is out of date. The mysql_* functions have been removed in PHP 7.0. The session_register() function was removed in PHP 5.4. And that's just to mention a few of the problems.

 

 

If you choose to continue, hopefully just for educational purposes , is PHP set to display all errors and warnings? You can make sure by adding the following to the top of your script during the debugging process:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Edited November 15, 2016 by cyberRobot

[RexRon]

Thank you all. I will try you suggestions.