
my login.php did not select from mysql



#1 ephdee

ephdee
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 17 February 2017 - 03:09 PM

Hi, I am new to PHP and am facing some difficulty concerning the login.php. My register.php is inserting to the database, but when I try to select it so I can log in, it keeps showing me the errmsg. These are the codes..

<?php
 ob_start();
 session_start();
 require_once 'dbconnect.php';
 
 // it will never let you open index(login) page if session is set
 if ( isset($_SESSION['user'])!="" ) {
  header("Location: home.php");
  exit;
 }
 
 $error = false;
 
 if( isset($_POST['btn-login']) ) { 
  
  // prevent sql injections/ clear user invalid inputs
  $userlogin = trim($_POST['userlogin']);
  $userlogin = strip_tags($userlogin);
  $userlogin = htmlspecialchars($userlogin);
  
  $pass = trim($_POST['pass']);
  $pass = strip_tags($pass);
  $pass = htmlspecialchars($pass);
  // prevent sql injections / clear user invalid inputs
  
  if(empty($userlogin)){
   $error = true;
   $userloginError = "Please enter your loginid.";
  } 
  
  if(empty($pass)){
   $error = true;
   $passError = "Please enter your password.";
  }
  
  // if there's no error, continue to login
  if (!$error) {
   
   $usepassword = hash('sha256', $pass); // password hashing using SHA256
  
   $res=mysql_query("SELECT `id`, `loginid`, `firstname`, `middlename`, `lastname`, `phone`, `email`, `password`, `cpassword`, `answer` FROM icpl WHERE userlogin='$userlogin' AND usepassword='$usepassword'");
   $row=mysql_fetch_array($res);
   $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
   
    
   
   
   if( $count == 1 && $row['password']==$usepassword && $row['loginid']==$userlogin ) {
	  $_SESSION['user'] =true;
    $_SESSION['user'] = $row['loginid'];
	
	
	
   
	
    header("Location: home.php");
   } 
   
   
   else {
    $errMSG = "Incorrect Credentials, Try again...";
	
   }
    
  }
  
 }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="login-registration-php-new/assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
<style type="text/css">
#apDiv1 {
	position: absolute;
	width: 200px;
	height: 115px;
	z-index: 1;
	left: 236px;
	top: 139px;
}
#apDiv2 {
	position: absolute;
	width: 200px;
	height: 115px;
	z-index: 1;
	left: 501px;
	top: -17px;
}
.container #login-form form .col-md-12 .form-group #apDiv2 .form-group h2 {
	color: #F00;
}
</style>
</head>
<body>


<div class="container">

 <div id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
    
     <div class="col-md-12">
        
         <div class="form-group">
             <div id="apDiv2">
               <div class="form-group">
                 <h2 class="">Sign In.</h2>
               </div>
               <div class="form-group">
                 <div class="form-group"><span class="text-danger"><?php echo $passError; ?></span></div>
                 <span class="text-danger"><?php echo $userloginError; ?></span>
                 <hr />
                 <?php
   if ( isset($errMSG) ) {
    
    ?>
               </div>
               <div class="form-group">
                 <div class="alert alert-danger"> <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?></div>
               </div>
               <?php
   }
   ?>
               <div class="form-group">
                 <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
                   <input type="text" name="userlogin" class="form-control" placeholder="Your LoginId" value="<?php 
				   echo $userlogin; ?>" maxlength="40" />
                 </div>
               </div>
               <div class="form-group">
                 <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
                   <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
                 </div>
               </div>
               <div class="form-group">
                 <hr />
               </div>
               <div class="form-group">
                 <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
               </div>
               <div class="form-group">
                 <hr />
               </div>
               <div class="form-group"> <a href="../../register.php">Sign Up Here...</a></div>
             </div>
             <h2 class="">&nbsp;</h2>
        </div>
</div>
  
    </form>
    </div> 

</div>

</body>
</html>
<?php ob_end_flush(); ?>


#2 benanamen

benanamen
  • Members
  • PipPipPip
  • Master Coder
  • 1,193 posts

Posted 17 February 2017 - 04:09 PM

Your code is obsolete and vulnerable to exploits and has been completely removed from PHP. You need to use PDO with prepared statements.

 

https://phpdelusions.net/pdo



#3 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 17,508 posts
  • LocationCheshire, UK
  • Age:68

Posted 17 February 2017 - 04:28 PM

... it keeps showing me the errmsg.


What error message? Give us a clue.


If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.








#4 ginerjm

ginerjm
  • Members
  • PipPipPip
  • Handball player
  • 3,398 posts
  • LocationVoorheesville NY

Posted 17 February 2017 - 04:30 PM

One more thing. If you are doing a query with a where clause to find the record that you want, why would you then examine the results to see if the same fields match the input values? By definition they already do!
JG
PS - If you're posting here you should be using:
        error_reporting(E_ALL);
        ini_set('display_errors', '1');

at the top of ALL php code while you develop it!

#5 DanEthical

DanEthical
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 18 February 2017 - 01:33 AM

Use MySQLi or PDO. MySQL is deprecated since PHP 5.5 and completely removed from PHP 7.
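
The PDO-with-prepared-statements approach recommended in the replies above, as an added example that is not part of the thread. It assumes the table is `icpl` with `loginid` and `password` columns (the names in the original SELECT list), uses an in-memory SQLite database so it runs offline, and swaps the thread's SHA-256 for `password_hash()`/`password_verify()`.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; for MySQL only the DSN and credentials
// passed to new PDO() change.
error_reporting(E_ALL);
ini_set('display_errors', '1');

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failed queries throw
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed schema and user; column names assumed from the thread's SELECT list.
$pdo->exec('CREATE TABLE icpl (id INTEGER PRIMARY KEY, loginid TEXT UNIQUE, password TEXT)');
$ins = $pdo->prepare('INSERT INTO icpl (loginid, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Returns the user's row (without the hash) on success, null on any failure. */
function authenticate(PDO $pdo, string $loginid, string $pass): ?array
{
    // The login id is bound as a parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT id, loginid, password FROM icpl WHERE loginid = ?');
    $stmt->execute([trim($loginid)]);
    $row = $stmt->fetch();

    // The stored hash is salted, so it cannot be matched in the WHERE clause;
    // password_verify() re-derives it and compares in constant time.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}

// Constructed inputs: valid login, wrong password, and a login id containing quotes.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($cases as [$id, $pw]) {
    $user = authenticate($pdo, $id, $pw);
    printf("%-20s => %s\n", $id, $user ? "ok (id {$user['id']})" : 'rejected');
}
```

In a login page, a non-null result would be followed by `session_regenerate_id(true)` and `$_SESSION['user'] = $user['loginid']` before the redirect.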



#6 fatkatie

fatkatie
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 18 February 2017 - 01:46 AM

If there are no constraints on the database a read-back might be a good thing to do. If for the count anyway.





