When a user logs in they are redirected to member.php. Below is the login code followed by the member.php code.
login.php
<?php
session_start ();
include 'core/init.php';
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: member.php");
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: admin.php");
}
else{
echo "Incorrect password";
}
}
else{
if ($username!=$dbusername&&$password!=$dbpassword)
{die("That user does not exist!");
}
}
}
}
/*if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
if ($username!=$dbusername)
{die("That user does not exist!");
}
}
}
else
die("Please enter your email address and password");
*/
?>
member.php code (I know this is messy. Sorry, just need to get it working for now)
<div id="header">
<div id= "logout">
<?php
if(isset($_GET['username']) === true & empty ($_GET['username']) === false)
$username = $_GET ['username'];
if (user_exists($username) === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>\n<a href='index.php'>Back to homepage</a></p>";
?></div>
</div>
<div id="main-content">
<?php
//get username from user id
$MemberID = user_id_from_username($username);
$profile_data =user_data($MemberID, 'Name','Email');//Need to pull out stuff from oddjob table
?>
<h1><?php echo $profile_data['Name']; ?>'s profile</h1>
<p><?php echo $profile_data['Email'];?></p>
<?php
} else {
echo '<p>Sorry, cannot find that user on system.</p>';
}
?>
At the moment I have set member.php so that if I type a username (which is the user's email address) into the URL it displays some profile data specific to that user.
However, when I log in as a user and get redirected to member.php, I just see a blank page and the username doesn't show up in the URL, just an error message saying 'Undefined variable: username' for that user. I don't know how to edit this so that it works and the member is sent to their own profile page.
Relevant functions below:
functions.php
function logged_in() {
return (isset($_SESSION['MemberID'])) ? true : false; //Email
}
function user_data($MemberID){
$data = array();
$MemberID =(int)$MemberID;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args >1) {
unset($func_get_args[0]);
$fields = '`' . implode('`,`', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `member` WHERE `MemberID` = $MemberID"));//expects parameter 1 to be resourse
return $data;
}
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `MemberID` FROM `member` WHERE `Email` = '$username'"),0, 'MemberID');
}
Init.php:
if (logged_in() ===true) {
$session_MemberID = $_SESSION['MemberID'];//undefined?
$user_data= user_data($session_MemberID,'MemberID','Name','Address','Postcode','DOB','Mobile','Email','Password','RepeatPassword');
exit();
}
To be honest, I've been looking at this code for so long now that I'm completely blind/lost as to how to fix this. Please help if you can.
Index.php
<div id= "login">
<form action="login.php" method="post">
<?php
if (logged_in() === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>";
}else
echo"<h4>Username: <input type='text' name='Email'><br>
Password: <input type='Password' name='Password'>
<input type='submit' value='Log In'><br>
<a href='register2.php'>Register?</a>
</form>"
?>
On your member.php page you try to get the username from $_GET but you don't pass any parameter when you redirect the user in login.php.
Either rely only on the $_SESSION which you set or change your redirect:
header('Location: member.php?username='.$username);
This header command:
header("Location: member.php");
must be above the head. It can only be called if no other HTML code has been sent to the user. E.g.:
<?php
header("Location: member.php");
?>
<html>
<head>
</head>
<body>
</body>
</html>
I am a beginner in PHP and just starting to learn it. I am trying to make a registration page and login page. My login page is working once I select username and password and it also can detect an incorrect password but the profile picture that I uploaded through the registration page is not appearing on the welcome page. Once I add the profile, the login page no longer works at all. I hope you guys can understand my problem and help me find a solution. Thank you in advance. I attach my code below :
REGISTER FORM PHP
<?php
session_start();
$_SESSION['message'] = '';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password']== $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (copy($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] =$username;
$_SESSION['profile'] =$profile_path;
$sql ="INSERT INTO users(username,email,password,profile)"
."VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql)=== true) {
$_SESSION['message'] = 'Registration successful!
Added $username to the database!';
header("location:RegisterLogin.php");
}
else {
$_SESSION['message'] = "User could not be added to the database!";
}
}
else{
$_SESSION['message'] = "file failed!";
}
}
else {
$_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!";
}
}
else{
$_SESSION['message'] = "two password do not match!";
}
}
?>
LOGIN FORM
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string(isset($_FILES['profile']));
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND profile = 'profile_path'";
$result = mysqli_query($mysqli,$sql);
if(mysqli_affected_rows($mysqli) == 1){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
WELCOME PHP
<link rel="stylesheet" href="Form2.css" />
<?php session_start(); ?>
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile']?>'</span>
Update your code like the following:
REGISTER FORM
<?php
session_start();
$_SESSION['message'] = '';
$mysqli= new mysqli('127.0.0.1','root','','accounts');
if(isset($_POST) && array_filter($_POST)){
if ($_POST['password'] == $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if(!empty($username) && !empty($email) && !empty($password) && !empty($_FILES['profile']['name'])){
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (move_uploaded_file($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$sql ="INSERT INTO users(username,email,password,profile) VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql) == true) {
$_SESSION['message'] = "Registration successful! Added $username to the database!";
header("Location: RegisterLogin.php");
}
else { $_SESSION['message'] = "User could not be added to the database!"; }
} else {$_SESSION['message'] = "file failed!";}
} else { $_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!"; }
}else{ $_SESSION['message'] = "values are missing"; }
} else{ $_SESSION['message'] = "two password do not match!"; }
}
?>
LOGIN FORM
<?php
session_start();
$_SESSION['message']='';
$mysqli= new mysqli('127.0.0.1','root','','accounts');
if(isset($_POST['login'])){
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $mysqli->query($sql);
if($result->num_rows > 0){
$row = $result->fetch_assoc();
$_SESSION['username'] = $username;
$_SESSION['profile'] = $row['profile']; // the stored value already starts with 'images/' (set at registration)
$_SESSION['message'] = "Login successful!";
header("Location: Welcome.php");
}else{ $_SESSION['message'] = "Login Failed!";}
}
?>
WELCOME PHP
<?php session_start(); ?>
<link rel="stylesheet" href="Form2.css" />
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile'];?>'/></span>
You are setting your session values incorrectly in login.php. The code below uses mysqli_fetch_array() to retrieve the correct values for the $_SESSION variables.
Login.php
Try this:
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0){
$row = mysqli_fetch_array($result);
$_SESSION['username'] = $row['username'];
$_SESSION['profile'] = $row['profile'];
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");exit();
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
In Welcome.php
Move <?php session_start(); ?> to the very top of your document. You cannot output anything (HTML content or echos) before calling session_start() or the session will fail unless you are using output buffering.
Here is the full code:
<?php
session_start();
session_regenerate_id(true);
require_once('connect.php');
require_once "lib.php";
require_once "utils.php";
$EmailAddress = mysqli_real_escape_string($link,htmlentities($_POST['EmailAddress']));
$Password = mysqli_real_escape_string($link,htmlentities($_POST['Password']));
$Fname = mysqli_real_escape_string($link,htmlentities($_POST['Fname']));
function login($result,$EmailAddress,$Password)
{
if($result)
{
if(mysqli_num_rows($result) == 1)
{
$email_exists = true;
$pass_exists = true;
if($pass_exists = true && $email_exists = true)
{
$_SESSION['active']=true;
$_SESSION['EmailAddress']=$EmailAddress;
//$_SESSION['Password']=$Password;
header("Location: myIndex.php");
exit();
}
}
else
echo "<div id='error'><h4>Error: Incorrect Password or Email</h4></div>";
}
}
function redirect_if_active()
{
header("Location: myIndex.php");
exit();
}
if(isset($_SESSION['active']) && $_SESSION['active'] ===true)
{
redirect_if_active();
}
// only processes login information if the submit button has been clicked
if (isset($_POST['submit'])) {
$sql="SELECT * FROM users WHERE EmailAddress ='$_POST[EmailAddress]' AND
Password ='$_POST[Password]'";
$result = mysqli_query($link,$sql);
login($result,$EmailAddress,$Password);
}
if(isset($_POST['signup'])){
header("Location: register.php");
exit();
}
?>
My guess is that the error is where the $sql = SELECT * FROM users WHERE is, but I'm not entirely sure. I'll input the Email and the password, but it continues to return me to the login page. I'm not sure why it's doing that, but it needs to go to the Profile page once the user has logged in.
$link = "somethingrelatedtoyourdb";
$EmailAddress = $_POST['EmailAddress'];
$Password = $_POST['Password'];
//$Fname = $_POST['Fname']; THIS IS NEVER POSTED
echo "<pre>";
print_r($_POST);
echo "</pre>";
function login($result,$EmailAddress,$Password)
{
if($result)
{
if(($result) == true)//TRUE AGAIN
{
//THIS MAKES NO SENSE
// $email_exists = true;
// $pass_exists = true;
//if($pass_exists = true && $email_exists = true)
// {
// Assign with a single "="; "==" only compares and stores nothing in the session
$_SESSION['active'] = true;
$_SESSION['EmailAddress'] = $EmailAddress;
//$_SESSION['Password']=$Password;
header("Location: myIndex.php");
exit();
// }
}
else
echo "<div id='error'><h4>Error: Incorrect Password or Email</h4></div>";
}
}
function redirect_if_active()
{
header("Location: myIndex.php");
exit();
}
if(isset($_SESSION['active']) && $_SESSION['active'] ===true)
{
redirect_if_active();
}
// only processes login information if the submit button has been clicked
if (isset($_POST['submit'])) {
$sql="SELECT * FROM users WHERE EmailAddress ='$EmailAddress' AND
Password ='$Password'";
print_r($sql);
// $result = mysqli_query($link,$sql); Ill make this true for a moment
$result = true;
login($result,$EmailAddress,$Password);
}
if(isset($_POST['signup'])){
header("Location: register.php");
exit();
}
?>
<html>
<head></head>
<body>
<div id='form'>
<form action='example.php' method='POST'>
<div id='email'>Email:</div>
<div id='email2'>
<input name='EmailAddress' type='email'/>
<br>
</div> Password: <input name='Password' type='password'/>
<br>
<input class="submit" name='submit' type='submit' value='Login'/>
<input class="submit2" name='signup' type='submit' value='SignUp!'/> </form>
</body></html>
You have quite a few issues that I see right off the bat
In your sql query this $_POST[Password] should be $_POST['Password']. Same thing with the email address. This might fix your query, however please note, passing in raw post data to mysql is a big security problem. You are already setting these post params as escaped variables. You could use those, but you should look at prepared statements to keep yourself safe.
This block, has an error, and also doesn't make sense
$email_exists = true;
$pass_exists = true;
if($pass_exists = true && $email_exists = true)
It should be
if($pass_exists == true && $email_exists == true)
Or better yet
if($pass_exists && $email_exists)
However since you are explicitly setting both of these vars to true right before checking if they are true, then this will always be true.
I'm creating a login form for a site. The validation worked fine prior to me trying to incorporate security with PHP's built in password_hash() and password_verify() functions. I'm using the bcrypt algorithm for encryption with said functions.
The issue is that when the correct username and password are entered into the login form password_verify returns false and as such the validation is unsuccessful, preventing login. I've done a great deal of searching around but have not found any solutions that sort this. The below code (admin_login.php) manages both the login form and processes the login as well.
I'm including my code and also a screenshot of the structure of my MySQL 'login' table within the phpmyadmin control panel.
Thanks in advance.
Table Structure:
(Being new I don't have the rep to post images so here's a gyazo link: http://gyazo.com/a423e5ba38fe5200a8198b47a66fe75a)
admin_login.php
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if (isset($_SESSION['id']) && $_SESSION['admin'] == 1) {
$userID = $_SESSION['id'];
$username = $_SESSION['username'];
header('Location:admin_panel.php');
}
if (isset($_POST['submit'])) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, admin FROM login WHERE username = '$username' AND activated = '1' AND admin = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userID = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$admin = $row[3];
}
// VALIDATES LOGIN CREDENTIALS //
/* $verify = password_verify('123', $trimmed);
var_dump($password);
var_dump($dbPassword);
var_dump($verify); */
// checks if user is valid in database and admin
if ($username == $dbUsername AND $verify && $admin = 1) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userID;
$_SESSION['admin'] = $admin;
header('Location:admin_panel.php');
die();
} elseif ($admin == 0) {
echo "Either you are not an admin user or you have entered an incorrect username/password combination. <br><br> <a href='index.php'>Click Me</a> to return to the homepage.";
//TODO: ADD LINK TO USER LOGIN PAGE
die();
} else {
echo "Incorrect username/password combo";
exit();
}
}
?>
<?php
$pageTitle = "Casa Mirador | Admin";
include_once('inc/header.php');
?>
<h2 style="text-align: center;">Admin Login</h2>
<div class="login_section_one">
<div class="wrapper">
<!-------- ADMIN LOGIN FORM ---------->
<form method="POST" action="admin_login.php" id="admin_form">
<table class="form_login">
<tr>
<th>
<label for = "username"> Username </label>
</th>
<td>
<input type="text" name="username" id="username">
</td>
</tr>
<tr>
<th>
<label for = "password"> Password </label>
</th>
<td>
<input type="password" name="password" id="password">
</td>
</tr>
</table>
<input type="submit" id="submit" name="submit" value="Login">
</form>
</div>
<?php
include_once('inc/footer.php');
?>
This should work.
if (isset($_POST['submit'])) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, admin FROM login WHERE username = '$username' AND activated = '1' AND admin = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userID = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$admin = $row[3];
}
$verify = password_verify($_POST['password'], $dbPassword); // This should work
if ( $verify ) { // You don't need to check username and is admin, because this is done in the query to the database.
$_SESSION['username'] = $username;
$_SESSION['id'] = $userID;
$_SESSION['admin'] = $admin;
header('Location:admin_panel.php');
die();
} elseif ($admin == 0) {
echo "Either you are not an admin user or you have entered an incorrect username/password combination. <br><br> <a href='index.php'>Click Me</a> to return to the homepage.";
//TODO: ADD LINK TO USER LOGIN PAGE
die();
} else {
echo "Incorrect username/password combo";
exit();
}
}
In this code snippet there is no $verify variable defined, it is commented out, so this conditional statement goes to the 'else' section.
Also $dbUsername always equals to $username, because that's in your WHERE clause in your $sql - so you don't need to check that again.
Another thing: you omitted one = character - change
if ($username == $dbUsername AND $verify && $admin = 1) {
to
if ($username == $dbUsername AND $verify && $admin == 1) {
you assigned 1 to $admin instead of checking if $admin == 1
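The prepared-statement advice and the password_verify() fix from the answers above, combined in one added example (not code from any of the posters). It assumes PDO with an in-memory SQLite database so that it runs offline, a `login` table shaped like the one queried in admin_login.php, and constructed users and passwords; the function names make_demo_db() and admin_login() are hypothetical.

```php
<?php
declare(strict_types=1);

// Builds a throwaway database. Every row and password here is constructed sample data.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password TEXT NOT NULL,
        admin INTEGER NOT NULL DEFAULT 0,
        activated INTEGER NOT NULL DEFAULT 0
    )');
    $insert = $pdo->prepare(
        'INSERT INTO login (username, password, admin, activated) VALUES (?, ?, ?, ?)'
    );
    // Store the output of password_hash(), never md5()/sha1() or the plain password.
    $insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1, 1]);
    $insert->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 0, 1]);
    return $pdo;
}

// Returns ['id' => ..., 'username' => ...] for a valid admin, or null on any failure.
function admin_login(PDO $pdo, string $username, string $password): ?array
{
    // The placeholder keeps $username as data: quotes in it cannot change the query.
    $stmt = $pdo->prepare(
        'SELECT id, username, password FROM login
          WHERE username = ? AND activated = 1 AND admin = 1 LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify the raw submitted password against the stored hash. Do not run
    // strip_tags() or escaping on the password: that changes what gets verified.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown user, non-admin and wrong password
    }

    // Upgrade the stored hash when PASSWORD_DEFAULT's algorithm or cost changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE login SET password = ? WHERE id = ?');
        $update->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return ['id' => (int) $row['id'], 'username' => $row['username']];
}

// In the web handler, on success: call session_regenerate_id(true), set the
// $_SESSION values, send the Location header, then exit so nothing else runs.

$pdo = make_demo_db();
$attempts = [
    ['alice', 'correct horse'],   // valid admin
    ['alice', 'wrong'],           // wrong password
    ['bob', 'hunter2'],           // valid user, but not an admin
    ["alice' --", 'anything'],    // quote characters in the username stay literal
];
foreach ($attempts as [$user, $pass]) {
    $who = admin_login($pdo, $user, $pass);
    printf("%-12s => %s\n", $user, $who === null ? 'rejected' : 'logged in as id ' . $who['id']);
}
```

The same prepare/execute pattern is available in mysqli through prepare(), bind_param() and execute().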
I set session variables on a login page, and then it redirects to the home page, where a function called isLoggedIn() decides whether it include()s signed-in.php or membership-container.php in the header. signed-in.php is what shows if the person is logged in, and membership-container.php is shown if the client is not logged in. After I login it shows signed-in.php as would be expected, but when I reload the page, it shows membership-container.php.
Login page:
<!DOCTYPE html>
<?php
session_start();
/*error_reporting(0);*/
require 'users/database/connect-database.php';
require 'users/database/database-functions.php';
if ($_POST) {
$email = sanitize($connection, strip_tags($_POST['login_email']));
$password = sanitize($connection, strip_tags($_POST['login_password']));
$encrypted_password = sha1($password);
if (!empty($email) && !empty($password)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Your email is not valid.';
} else if(exists($connection, 'email', 'members', 'email', $email) == false) {
$error = "We didn't find anyone with that email and password. Have you joined SamHalesJr.com yet?";
} else if (exists($connection, 'email', 'members', 'password', $encrypted_password) == false) {
$error = "Please enter the correct password.";
} else if (detail($connection, 'active', 'members', 'email', $email) != 1) {
$error = "You haven't activated your account!";
} else {
$query = login($connection, $email, $encrypted_password);
if ($query == true) {
ini_set('session.gc_maxlifetime', $inactive_session);
$_SESSION['session'] = time();
$_SESSION['logged_in'] = detail($connection, 'user_id', 'members', 'email', $email);
if (isLoggedIn()) {header('Location: /home');}
}
}
} else {
$error = 'Please enter an email and password.';
}
}
require 'users/database/disconnect-database.php';
?>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form action="/login" method="POST">
<input placeholder="Email" value="<?php echo $email; ?>" type="text" name="login_email"><br>
<input placeholder="Password" value="<?php echo $password; ?>" type="password" name="login_password"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
I know connect-database.php and disconnect-database.php work, and here are the contents of database-functions.php:
<?php
$inactive_session = 7200;
function sanitize($connection, $data) {
return mysqli_real_escape_string($connection, $data);
}
function exists($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$count = mysqli_num_rows($query);
return ($count >= 1) ? true : false;
}
function generate($password) {
$password = hash('sha512', $password);
return $password;
}
function isLoggedIn() {
if (isset($_SESSION['logged_in'])) {
return true;
} else {
return false;
}
}
function detail($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$associate = mysqli_fetch_assoc($query);
return $associate[$detail];
}
function login($connection, $email, $password) {
$query = mysqli_query($connection, "SELECT `email`, `password` FROM `members` WHERE `email` = '$email' AND `password` = '$password'");
$count = mysqli_num_rows($query);
if ($count >= 1) {
return true;
} else {
return false;
}
}
function logout() {
unset($_SESSION['logged_in']);
session_unset();
session_destroy();
}
?>
Am I correct that the session_start() and any other $_SESSION[''] variables need to go before the <html> tag? Here is the code that I put before the <html> tag in each page:
<?php
include 'users/database/database-functions.php';
ini_set('session.gc_maxlifetime', $inactive_session);
session_start();
if (isset($_SESSION['session']) && (time() - $_SESSION['session'] > $inactive_session)) {
logout();
}
$_SESSION['session'] = time(); // Update session
?>
Leave a comment if there is any other info that you need and thanks so much for anyone's help. I've been working on this for a long time and am still new to session handling and functions.
Just to make it clear, my problem is that when I enter the correct info to /login and click the login button, it redirects to the /home page as it should do and it shows signed-in.php in the header, but when I reload /home it shows membership-container.php.
If it helps at all, after I have reloaded the home page (after logging in), it still shows the PHPSESSID cookie, just as it does when it shows signed-in.php. It also says that the cookie expires "when the browsing session ends." I don't know if that means anything, but the fact that it still shows the PHPSESSID cookie could mean that the session is still alive and that the error is in my isLoggedIn() function.
Also it might help to see what exactly is inside the header:
<?php if (isLoggedIn()) {
include 'signed-in.php';
} else {
include 'membership-container.php';
} ?>
Thank you anyone who helps me out with this.
Whenever I try to log in with the simple page I made, there is a problem with the lookup to see if that information is in the database or not. All it requires is for you to log in with a username and password.
Here is the html form :
<p> Login </p>
<form action='login.php' method='POST'>
<input type='text' name='username'/><br>
<input type='password' name='password'/><br>
<input type='submit' name='submit' value='Login'/>
</form>
Here is the script for that form :
<?php
error_reporting(0);
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include ("connect.php");
if ($username && $password) {
// Info Is Provided
$queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrow = mysql_numrows($queryget);
if ($numrow != 0) {
$_SESSION['username'] = $username;
echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";
} else {
echo "Your Username Was Not Found";
}
} else {
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>
Can you figure why it won't let me Login?
Change this:
$numrow = mysql_numrows($queryget);
To:
$numrow = mysql_num_rows($queryget);
And also use isset function in the if condition:
if(isset($username) && isset($password)){
You probably had whitespace after the closing ?>
<?php
error_reporting(0);
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
include ("connect.php");
if (isset($username) && isset($password)) {
// Info Is Provided
$queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrow = mysql_num_rows($queryget);
if ($numrow != 0) {
$_SESSION['username'] = $username;
echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";
} else {
echo "Your Username Was Not Found";
}
} else {
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>
Hi, the problem you are having may have something to do with the version of PHP you are using. MySQL is outdated and does not function on the latest versions; it has changed to MySQL which is similar, so it's definitely worth learning. The code below is similar to yours, only I have removed the include to connect.php and replaced it with MySQLi. I have also made a change to the query limiting only one item to return.
$username = $_POST['username'];
$password = $_POST['password'];
$Connect = mysqli_connect($host,$user,$pass,$database);
if (isset($username) && isset($password))
{
// Info Is Provided
$queryget = mysqli_query($Connect, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
$numrow = mysqli_num_rows($queryget);
if ($numrow == 1)
{
$_SESSION['username'] = $username;
echo "You Have Been Logged In. | <a href='members.php'>Go To The Members Page</a>";
}
else
{
echo "Your Username Was Not Found";
}
}
else
{
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>