Jump to content

[SOLVED] What is wrong with my code?

xjasonx

By xjasonx
in PHP Coding Help

 Share

Recommended Posts

xjasonx Member

xjasonx

Posted
Posted

I got this from the membership tutorial. It's suppose to validate a login then redirect to the admin page. All it does is bring up a blank screen, no error or anything.

 

<?php
session_start();
header("Cache-control: private");
include("include/connect.php");
$user = $_POST['user'];
$pass = $_POST['pass'];

$sql_check_user = "select * from admin where username='$user'");
$result_name_check = mysql_query($sql_check_user);
$usersfound = mysql_num_rows($result_name_check);
if ($usersfound < 1) {
$error = "The user $user was not found.";
} else {
$sql_check_pass = "select * from admin where username='$user'");
$user_info = mysql_fetch_array(mysql_query($sql_check_pass));
$dbpass = $user_info['password'];
if ($pass != $dbpass) {
$error = "The password is incorrect.";
} else {
$_SESSION['username'] = $user_info['username'];
$_SESSION['password'] = $user_info['password'];
$_SESSION['name'] = $user_info['name'];
$_SESSION['email'] = $user_info['email'];
header("Location:http://www.scriptsforgames.com/admin.php");
}
}
if ($error) {
echo $error;
include("login.html");
} else {
echo "WTF!";
}
?>

Link to comment
https://forums.phpfreaks.com/topic/85120-solved-what-is-wrong-with-my-code/
Share on other sites
mmarif4u Regular Member

mmarif4u

Posted
Posted

Try this code,But i am not sure about paging flow and db,plz change any thing according to ur needs.

 

<?php
session_start();
header("Cache-control: private");
include("include/connect.php");
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

$sql_check_user = "select * from admin where username='$user' and password='$pass'");
$result_name_check = mysql_query($sql_check_user);
$usersfound = mysql_num_rows($result_name_check);
if ($usersfound < 1) {
$error = "The user $user was not found.";
echo $error;
include("login.html");
} else {
$_SESSION['username'] = $user_info['username'];
$_SESSION['password'] = $user_info['password'];
$_SESSION['name'] = $user_info['name'];
$_SESSION['email'] = $user_info['email'];
header("Location:http://www.scriptsforgames.com/admin.php");
}
?>

mmarif4u Regular Member

mmarif4u

Posted
Posted

Yeh ppl hash passwords.This is upto him.No comments on this.but for security hashing is more than better.

 

Now another in ur code:

$_SESSION['name'] = $user_info['name'];
$_SESSION['email'] = $user_info['email'];

From where u store these values to sessions.

I did not see these in ur post variables or retrieving it from db.

xjasonx Member

xjasonx

Posted
  • Author
Posted

I'm not worried about getting hacked. If I do, then maybe they'll post some inappropriate news? Until that happens, I won't worry.

 

$_SESSION['name'] = $user_info['name'];
$_SESSION['email'] = $user_info['email'];

 

From where u store these values to sessions.

I did not see these in ur post variables or retrieving it from db.

 

I retrieved them from db. 

$user_info = mysql_fetch_array(mysql_query($sql_check_user));

unless that doesn't work?

 

I tryed the code you posted, mmarif4u and still a blank screen. I even tryed adding some text after the closing php tag and that doesn't even show up, so somethings weird. I'm using webhostfreaks as my host if that helps.

 

 

mmarif4u Regular Member

mmarif4u

Posted
Posted

Complete updated code:

 

<?php
session_start();
header("Cache-control: private");
include("include/connect.php");
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

$sql_check_user = "select * from admin where username='$user' and password='$pass'";
$result_name_check = mysql_query($sql_check_user);
$usersfound = mysql_num_rows($result_name_check);
$user_info = mysql_fetch_object($result_name_check);
if ($usersfound < 1) {
$error = "The user $user was not found.";
echo $error;
include("login.html");
} else {
$_SESSION['username'] = $user_info['username'];
$_SESSION['password'] = $user_info['password'];
$_SESSION['name'] = $user_info['name'];
$_SESSION['email'] = $user_info['email'];
header("Location:http://www.scriptsforgames.com/admin.php");
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.