I'm trying to use a simple PHP Login script for my website. But I am facing a problem with login.
Okay, here are the two files I used.
------------------------------------------------------------------------------------
[file=loginform.php] - the form where we enter username and password]
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
[login.php] the file which processes the login form
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
Database Info: Table contains three fields namely loginid, username and password
------------------------------------------------------------------------------------
The Problem:
The login form was supposed to check the username and password fields; and login. But I get redirected to the loginform page; with the message 'Wrong Username or Password' Any ideas folks? Please.
Okay, here are the two files I used.
------------------------------------------------------------------------------------
[file=loginform.php] - the form where we enter username and password]
------------------------------------------------------------------------------------
Code:
<form name="login-form" id="login-form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Please login:</legend>
<dl>
<dt>
<label title="Username">Username:
<input tabindex="1" accesskey="u" name="username" type="text" maxlength="50" id="username" />
</label>
</dt>
</dl>
<dl>
<dt>
<label title="Password">Password:
<input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" />
</label>
</dt>
</dl>
<dl>
<dt>
<label title="Submit">
<input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" />
</label>
</dt>
</dl>
</fieldset>
</form>
[login.php] the file which processes the login form
------------------------------------------------------------------------------------
Code:
<?php
if (!session_is_registered('loginid') || !session_is_registered('username'))
{
// user is not logged in.
if (isset($_POST['cmdlogin']))
{
// retrieve the username and password sent from login form
// First we remove all HTML-tags and PHP-tags, then we create a md5-hash
// This step will make sure the script is not vulnernable to sql injections.
$u = strip_tags($_POST['username']);
$p = md5(strip_tags($_POST['password']));
//Now let us look for the user in the database.
$query = sprintf("SELECT loginid FROM login WHERE username = '%s' AND password = '%s' LIMIT 1;",
mysql_real_escape_string($u), mysql_real_escape_string($p));
$result = mysql_query($query);
// If the database returns a 0 as result we know the login information is incorrect.
// If the database returns a 1 as result we know the login was correct and we proceed.
// If the database returns a result > 1 there are multple users
// with the same username and password, so the login will fail.
if (mysql_num_rows($result) != 1)
{
// invalid login information
echo "Wrong username or password!";
//show the loginform again.
include "loginform.php";
} else {
// Login was successfull
$row = mysql_fetch_array($result);
// Save the user ID for use later
$_SESSION['loginid'] = $row['loginid'];
// Save the username for use later
$_SESSION['username'] = $u;
// Now we show the userbox
show_userbox();
}
} else {
// User is not logged in and has not pressed the login button
// so we show him the loginform
include "loginform.php";
}
} else {
// The user is already loggedin, so we show the userbox.
show_userbox();
}
?>
Database Info: Table contains three fields namely loginid, username and password
------------------------------------------------------------------------------------
The Problem:
The login form was supposed to check the username and password fields; and login. But I get redirected to the loginform page; with the message 'Wrong Username or Password' Any ideas folks? Please.