ephdee Posted February 17, 2017 Share Posted February 17, 2017 Hi am new to php and am facing some difficulty concerning the login.php. My register.php is inserting to the database but when i try to select it so i can login it keeps showing me the errmsg. These are the codes.. <?php ob_start(); session_start(); require_once 'dbconnect.php'; // it will never let you open index(login) page if session is set if ( isset($_SESSION['user'])!="" ) { header("Location: home.php"); exit; } $error = false; if( isset($_POST['btn-login']) ) { // prevent sql injections/ clear user invalid inputs $userlogin = trim($_POST['userlogin']); $userlogin = strip_tags($userlogin); $userlogin = htmlspecialchars($userlogin); $pass = trim($_POST['pass']); $pass = strip_tags($pass); $pass = htmlspecialchars($pass); // prevent sql injections / clear user invalid inputs if(empty($userlogin)){ $error = true; $userloginError = "Please enter your loginid."; } if(empty($pass)){ $error = true; $passError = "Please enter your password."; } // if there's no error, continue to login if (!$error) { $usepassword = hash('sha256', $pass); // password hashing using SHA256 $res=mysql_query("SELECT `id`, `loginid`, `firstname`, `middlename`, `lastname`, `phone`, `email`, `password`, `cpassword`, `answer` FROM icpl WHERE userlogin='$userlogin' AND usepassword='$usepassword'"); $row=mysql_fetch_array($res); $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row if( $count == 1 && $row['password']==$usepassword && $row['loginid']==$userlogin ) { $_SESSION['user'] =true; $_SESSION['user'] = $row['loginid']; header("Location: home.php"); } else { $errMSG = "Incorrect Credentials, Try again..."; } } } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Coding Cage - Login & Registration System</title> <link rel="stylesheet" href="login-registration-php-new/assets/css/bootstrap.min.css" type="text/css" /> <link rel="stylesheet" href="style.css" type="text/css" /> <style type="text/css"> #apDiv1 { position: absolute; width: 200px; height: 115px; z-index: 1; left: 236px; top: 139px; } #apDiv2 { position: absolute; width: 200px; height: 115px; z-index: 1; left: 501px; top: -17px; } .container #login-form form .col-md-12 .form-group #apDiv2 .form-group h2 { color: #F00; } </style> </head> <body> <div class="container"> <div id="login-form"> <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off"> <div class="col-md-12"> <div class="form-group"> <div id="apDiv2"> <div class="form-group"> <h2 class="">Sign In.</h2> </div> <div class="form-group"> <div class="form-group"><span class="text-danger"><?php echo $passError; ?></span></div> <span class="text-danger"><?php echo $userloginError; ?></span> <hr /> <?php if ( isset($errMSG) ) { ?> </div> <div class="form-group"> <div class="alert alert-danger"> <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?></div> </div> <?php } ?> <div class="form-group"> <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span> <input type="text" name="userlogin" class="form-control" placeholder="Your LoginId" value="<?php echo $userlogin; ?>" maxlength="40" /> </div> </div> <div class="form-group"> <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span> <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" /> </div> </div> <div class="form-group"> <hr /> </div> <div class="form-group"> <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button> </div> <div class="form-group"> <hr /> </div> <div class="form-group"> <a href="../../register.php">Sign Up Here...</a></div> </div> <h2 class=""> </h2> </div> </div> </form> </div> </div> </body> </html> <?php ob_end_flush(); ?> Quote Link to comment Share on other sites More sharing options...
benanamen Posted February 17, 2017 Share Posted February 17, 2017 Your code is obsolete and vulnerable to exploits and has been completely removed from Php. You need to use PDO with prepared statements. https://phpdelusions.net/pdo Quote Link to comment Share on other sites More sharing options...
Barand Posted February 17, 2017 Share Posted February 17, 2017 ... it keeps showing me the errmsg. What error message? Give us a clue. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted February 17, 2017 Share Posted February 17, 2017 One more thing. If you are doing a query with a where clause to find the record that you want, why would you then examine the results to see if the same fields match the input values? By definition they already do! Quote Link to comment Share on other sites More sharing options...
Moorcam Posted February 18, 2017 Share Posted February 18, 2017 Use MySQLi or PDO. MySQL is deprecated since php 5.5 and completely removed from php 7. Quote Link to comment Share on other sites More sharing options...
fatkatie Posted February 18, 2017 Share Posted February 18, 2017 If there are no constraints on the database a read-back might be a good thing to do. . If for the count anyway. Quote Link to comment Share on other sites More sharing options...
ephdee Posted February 20, 2017 Author Share Posted February 20, 2017 How do i change the code from mysql to mysqli or pdo? Quote Link to comment Share on other sites More sharing options...
Barand Posted February 20, 2017 Share Posted February 20, 2017 Follow the link that benanamen gave you in reply #2 above Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.