Go Back   Computer Forums > General Computing > Programming
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 01-30-2011, 12:16 AM   #1
Beta Member
 
Join Date: Feb 2010
Posts: 2
Exclamation PHP Login Script Question.. Please Help.

I'm trying to use a simple PHP Login script for my website. But I am facing a problem with login.

Okay, here are the two files I used.

------------------------------------------------------------------------------------
[file=loginform.php] - the form where we enter username and password]
------------------------------------------------------------------------------------
Code:
<form name="login-form" id="login-form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <fieldset>
  <legend>Please login:</legend>
  <dl>
	<dt>
	  <label title="Username">Username:
	  <input tabindex="1" accesskey="u" name="username" type="text" maxlength="50" id="username" />
	  </label>
	</dt>
  </dl>
  <dl>
	<dt>
	  <label title="Password">Password:
	  <input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" />
	  </label>
	</dt>
  </dl>
  <dl>
	<dt>
	  <label title="Submit">
	  <input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" />
	  </label>
	</dt>
  </dl>
  </fieldset>
</form>
------------------------------------------------------------------------------------
[login.php] the file which processes the login form
------------------------------------------------------------------------------------
Code:
<?php
if (!session_is_registered('loginid') || !session_is_registered('username'))
{
	// user is not logged in.
	if (isset($_POST['cmdlogin']))
	{
		// retrieve the username and password sent from login form
		// First we remove all HTML-tags and PHP-tags, then we create a md5-hash
		// This step will make sure the script is not vulnernable to sql injections.
		$u = strip_tags($_POST['username']);
		$p = md5(strip_tags($_POST['password']));
		//Now let us look for the user in the database.
		$query = sprintf("SELECT loginid FROM login WHERE username = '%s' AND password = '%s' LIMIT 1;",
			mysql_real_escape_string($u), mysql_real_escape_string($p));
		$result = mysql_query($query);
		// If the database returns a 0 as result we know the login information is incorrect.
		// If the database returns a 1 as result we know  the login was correct and we proceed.
		// If the database returns a result > 1 there are multple users
		// with the same username and password, so the login will fail.
		if (mysql_num_rows($result) != 1)
		{
			// invalid login information
			echo "Wrong username or password!";
			//show the loginform again.
			include "loginform.php";
		} else {
			// Login was successfull
			$row = mysql_fetch_array($result);
			// Save the user ID for use later
			$_SESSION['loginid'] = $row['loginid'];
			  // Save the username for use later
			$_SESSION['username'] = $u;
			  // Now we show the userbox
			show_userbox();
		}
	} else {
		 // User is not logged in and has not pressed the login button
		 // so we show him the loginform
		include "loginform.php";
	}
} else {
	 // The user is already loggedin, so we show the userbox.
	show_userbox();
}
?>
------------------------------------------------------------------------------------
Database Info: Table contains three fields namely loginid, username and password
------------------------------------------------------------------------------------

The Problem:
The login form was supposed to check the username and password fields; and login. But I get redirected to the loginform page; with the message 'Wrong Username or Password' Any ideas folks? Please.
__________________

brainbug is offline   Reply With Quote
Old 01-30-2011, 03:32 AM   #2
Baseband Member
 
Shazer2's Avatar
 
Join Date: May 2009
Posts: 89
Default Re: PHP Login Script Question.. Please Help.

Why so complicated? That's my question.

In answer to your question, why not just do a simple SQL statement like so,

Code:
$sql = mysql_query("SELECT * FROM tblname WHERE username='$username' AND password='$password'");
$count = mysql_num_rows($sql)

if ($count == 1) {
    session_register("username");
    session_register("password");
    header("location:index.php");
} else {
    echo "Incorrect username or password";
}
Of course you need to set $username and $password to $_POST['username'] and $_POST['password'].
__________________
Need some PHP questions answered? Give me a PM and I will see what I can do.
Shazer2 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 03:52 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0