my login.php did not select from mysql


7 replies to this topic

#1 ephdee


Posted 17 February 2017 - 03:09 PM

Hi, I am new to PHP and am facing some difficulty concerning login.php. My register.php is inserting into the database, but when I try to select it so I can log in, it keeps showing me the errmsg. This is the code:

<?php
 ob_start();
 session_start();
 require_once 'dbconnect.php';
 
 // it will never let you open index(login) page if session is set
 if ( isset($_SESSION['user'])!="" ) {
  header("Location: home.php");
  exit;
 }
 
 $error = false;
 
 if( isset($_POST['btn-login']) ) { 
  
  // prevent sql injections/ clear user invalid inputs
  $userlogin = trim($_POST['userlogin']);
  $userlogin = strip_tags($userlogin);
  $userlogin = htmlspecialchars($userlogin);
  
  $pass = trim($_POST['pass']);
  $pass = strip_tags($pass);
  $pass = htmlspecialchars($pass);
  // prevent sql injections / clear user invalid inputs
  
  if(empty($userlogin)){
   $error = true;
   $userloginError = "Please enter your loginid.";
  } 
  
  if(empty($pass)){
   $error = true;
   $passError = "Please enter your password.";
  }
  
  // if there's no error, continue to login
  if (!$error) {
   
   $usepassword = hash('sha256', $pass); // password hashing using SHA256
  
   $res=mysql_query("SELECT `id`, `loginid`, `firstname`, `middlename`, `lastname`, `phone`, `email`, `password`, `cpassword`, `answer` FROM icpl WHERE userlogin='$userlogin' AND usepassword='$usepassword'");
   $row=mysql_fetch_array($res);
   $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
   
    
   
   
   if( $count == 1 && $row['password']==$usepassword && $row['loginid']==$userlogin ) {
	  $_SESSION['user'] =true;
    $_SESSION['user'] = $row['loginid'];
	
	
	
   
	
    header("Location: home.php");
   } 
   
   
   else {
    $errMSG = "Incorrect Credentials, Try again...";
	
   }
    
  }
  
 }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="login-registration-php-new/assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
<style type="text/css">
#apDiv1 {
	position: absolute;
	width: 200px;
	height: 115px;
	z-index: 1;
	left: 236px;
	top: 139px;
}
#apDiv2 {
	position: absolute;
	width: 200px;
	height: 115px;
	z-index: 1;
	left: 501px;
	top: -17px;
}
.container #login-form form .col-md-12 .form-group #apDiv2 .form-group h2 {
	color: #F00;
}
</style>
</head>
<body>


<div class="container">

 <div id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
    
     <div class="col-md-12">
        
         <div class="form-group">
             <div id="apDiv2">
               <div class="form-group">
                 <h2 class="">Sign In.</h2>
               </div>
               <div class="form-group">
                 <div class="form-group"><span class="text-danger"><?php echo $passError; ?></span></div>
                 <span class="text-danger"><?php echo $userloginError; ?></span>
                 <hr />
                 <?php
   if ( isset($errMSG) ) {
    
    ?>
               </div>
               <div class="form-group">
                 <div class="alert alert-danger"> <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?></div>
               </div>
               <?php
   }
   ?>
               <div class="form-group">
                 <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
                   <input type="text" name="userlogin" class="form-control" placeholder="Your LoginId" value="<?php 
				   echo $userlogin; ?>" maxlength="40" />
                 </div>
               </div>
               <div class="form-group">
                 <div class="input-group"> <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
                   <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
                 </div>
               </div>
               <div class="form-group">
                 <hr />
               </div>
               <div class="form-group">
                 <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
               </div>
               <div class="form-group">
                 <hr />
               </div>
               <div class="form-group"> <a href="../../register.php">Sign Up Here...</a></div>
             </div>
             <h2 class="">&nbsp;</h2>
        </div>
</div>
  
    </form>
    </div> 

</div>

</body>
</html>
<?php ob_end_flush(); ?>


#2 benanamen


Posted 17 February 2017 - 04:09 PM

Your code is obsolete and vulnerable to exploits and has been completely removed from PHP. You need to use PDO with prepared statements.

 

https://phpdelusions.net/pdo


To save time, let's just assume I am never wrong.

The XY Problem
The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.


Make A Donation https://www.paypal.me/KevinRubio

 

"This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"


#3 Barand


Posted 17 February 2017 - 04:28 PM

... it keeps showing me the errmsg.


What error message? Give us a clue.


If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.


#4 ginerjm


Posted 17 February 2017 - 04:30 PM

One more thing. If you are doing a query with a where clause to find the record that you want, why would you then examine the results to see if the same fields match the input values? By definition they already do!
JG
PS - If you're posting here you should be using:
        error_reporting(E_ALL);
        ini_set('display_errors', '1');

at the top of ALL php code while you develop it!

#5 DanEthical


Posted 18 February 2017 - 01:33 AM

Use MySQLi or PDO. MySQL is deprecated since PHP 5.5 and completely removed from PHP 7.


I did not do it. It was not me!

#6 fatkatie


Posted 18 February 2017 - 01:46 AM

If there are no constraints on the database a read-back might be a good thing to do. If for the count anyway.



#7 ephdee


Posted 20 February 2017 - 10:54 PM

How do I change the code from mysql to mysqli or PDO?



#8 Barand


Posted 20 February 2017 - 11:06 PM

Follow the link that benanamen gave you in reply #2 above.



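Added example, not from any poster in this thread: the login check from post #1 rewritten with PDO and a prepared statement, as replies #2 and #8 recommend. It assumes the `icpl` table has `loginid` and `password` columns (the names in the post's SELECT list) and that register.php stores `password_hash()` output rather than the post's unsalted SHA-256. An in-memory SQLite database with a constructed user stands in for MySQL so the script runs on its own.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for MySQL; against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failed queries throw
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample table and user. Names follow the SELECT list in post #1.
$pdo->exec('CREATE TABLE icpl (id INTEGER PRIMARY KEY, loginid TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO icpl (loginid, password) VALUES (?, ?)')
    ->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the stored loginid when the credentials match, otherwise null.
function check_login(PDO $pdo, string $loginid, string $password): ?string
{
    // The placeholder keeps input out of the SQL text. strip_tags() and
    // htmlspecialchars() do not do that, and they can alter a valid password.
    $stmt = $pdo->prepare('SELECT loginid, password FROM icpl WHERE loginid = ?');
    $stmt->execute([$loginid]);
    $row = $stmt->fetch();

    // Look the user up by loginid only, then verify the salted hash in PHP.
    if ($row !== false && password_verify($password, $row['password'])) {
        return $row['loginid'];
    }
    return null;
}

var_dump(check_login($pdo, "o'neil", 'correct horse')); // right password
var_dump(check_login($pdo, "o'neil", 'wrong'));         // wrong password
var_dump(check_login($pdo, 'nobody', 'correct horse')); // unknown loginid

// A query naming a column the sample table lacks (userlogin, as in the WHERE
// clause of post #1) raises PDOException, where mysql_query() would just
// return false and leave the script to fall through to its error message.
try {
    $pdo->prepare('SELECT id FROM icpl WHERE userlogin = ?')->execute(["o'neil"]);
} catch (PDOException $e) {
    echo 'Query error: ', $e->getMessage(), PHP_EOL;
}
```

Whether the poster's real table has `userlogin` and `usepassword` columns is not shown in the thread; the last block only shows how such a mismatch surfaces once exceptions are enabled.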


