i have a problem creating my login page. i don't know the problem is. please help!

Question

0.00/5 (No votes)

See more:

i'm creating my login page for my project. i have a database named 'dbase' and a table name 'users' with fields 'id', 'username' and 'password'. this are my pages with their corresponding codes and queries.

C++

//index.php
<?php
require 'core.inc.php';
require 'connect.inc.php';

if (loggedin()){
echo 'You are logged in.';
}else{
include 'login.inc.php';
}

?>

//login.inc.php
if(isset($_POST['username']) && isset($_POST['password'])){
    $username=$_POST['username'];
    $password=$_POST['password&'];

if(!empty($username) && !empty($password)){
        $query="SELECT * FROM users WHERE username=$username AND password=$password";
if($query_run=mysql_query($query)){
    $query_num_rows=mysql_num_rows($query_run);
    if(query_num_rows==0){
        echo 'Invalid username and password combination.';
    }else if($query_num_rows==1){
     $user_id=mysql_result($query_run,0,'id');
        $_SESSION['user_id']=$user_id;
        header('Location: index.php');
    }
}

    }else{
        echo 'You must supply a username and password';
    }
}
?>

<form action="<?php echo $current_file; ??>" method="POST">
Username: <input type="text" name="username">
Password:<;input type="password" name="password">
<input type="submit" value="Log in">
</form>

//connect.inc.php

    $mysql_host="localhost";
    $mysql_username=";root";
    $mysql_password="";

    $mysql_db="dbase";

    if(!mysql_connect($mysql_host,$mysql_username,$mysql_password) || !mysql_select_db($mysql_db)){
        die(mysql_error());
    }
?>

//core.inc.php

ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];

function loggedin(){
    if(isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])){
        return true;
    }else{
        return false;
    }

}

?>

.....kindly help me. i can't see what is wrong with this. you're comments and suggestions are very much appreciated. THANK YOU!

Posted 2-Jul-12 17:01pm

minejass

Updated 2-Jul-12 18:51pm

Mohibur Rashid

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Mohibur Rashid · Accepted Answer · 2012-07-02T19:05:00

Solution 1

You didnt tell exactly where is your problem.

now check
1. in login.inc.php file there is

PHP

if(isset($_POST['username']) && isset($_POST['password'])){
    $username=$_POST['username'];
    $password=$_POST['password&']; //problem. I ca see a & at the end

2. With your query your system can be easily hacked. learn about mysql_real_escape_string function

3. in your log in i can see a semicolon infront of root

4. I can see ob_start but I dont see ob_end_flush() //this is not related with failure.

Finally you better provide more information

Posted 2-Jul-12 19:05pm

Mohibur Rashid

Comments

minejass 3-Jul-12 1:24am

i tried fixing the errors. like the semicolon in front of the root. I tried to run it. i clicked the submit button without entering anything and it executed the code inside the if statement !empty username and !empty password echoing "You must enter username and password.". but when i'm entering the correct username and password combination, nothing happens. what do you think is the problem? i am still new in php, i need some help. thank you so much!

Mohibur Rashid 3-Jul-12 1:40am

I just have noticed that your query is not correct. the correct would be
$query="SELECT * FROM users WHERE username='$username' AND password='$password'";

better would be
$query="SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'";

minejass 3-Jul-12 5:21am

Notice: Use of undefined constant query_num_rows - assumed 'query_num_rows' in C:\xampp\htdocs\codes\login.inc.php on line 10
Invalid username and password combination.

that is the output after i entered the valid username and password combination following your query. now the query you've suggested is working maybe i have some problems with the other block of codes?

minejass 3-Jul-12 5:34am

it's working now. Thanks a lot! that really helps.