ÑÀRÇÁÇΧT Posted November 28, 2008 Posted November 28, 2008 Hi, Started to learn some PHP/SQL so far so good but I have come across a few problems. I'm creating a Login script based on 3 files and no matter what I enter the account and password are always wrong even though they are not. Files:main_login.phpchecklogin.phplogin_successful.php main_login.php<html> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="checklogin.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="Account" type="text" id="Account"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="Password" type="text" id="Password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> </body> </html> checklogin.php<?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="****"; // Mysql password $db_name="****"; // Database name $tbl_name="membersb"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $account=$_POST['Account']; $password=$_POST['Password']; // To protect MySQL injection (more detail about MySQL injection) $account = stripslashes($account); $password = stripslashes($password); $account = mysql_real_escape_string($account); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE account='$account' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("account"); session_register("password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php// Check if session is not registered , redirect back to main page. // Put this code in first line of web page. <?php session_start(); if(!session_is_registered(account)){ header("location:main_login.php"); } ?> <html> <body> Login Successful </body> </html> Any ideas guys? You can test this : courtixgaming.com/php
Management terabyte Posted November 28, 2008 Management Posted November 28, 2008 At a first quick look the code seems fine to me :huh: P.S.: Is a good thing to close always the database connection, to do it use:mysql_close(); Board Rules - Available Products - Need a Custom Work? < Don't PM me for support, post in the forum or submit a ticket from the client area instead! >
ÑÀRÇÁÇΧT Posted November 28, 2008 Author Posted November 28, 2008 Yea, thanks for the tip, and I get no errors just wont login
DawPi Posted November 29, 2008 Posted November 29, 2008 Hello,what happen if you change this:$account = mysql_real_escape_string($account); $password = mysql_real_escape_string($password);to://$account = mysql_real_escape_string($account); //$password = mysql_real_escape_string($password);? IPS, Inc. Official Partner ♦ IPS Community Developer ♦ Custom Modding
ÑÀRÇÁÇΧT Posted November 29, 2008 Author Posted November 29, 2008 (edited) Wow, that worked, just gotta remove some errors but at least it logs in now :) Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/ctxgame/public_html/php/login_success.php:3) in /home/ctxgame/public_html/php/login_success.php on line 4 Is the error, Edited November 29, 2008 by Ã�Ã�RÃ�Ã�Ã�Ã�§T
Management terabyte Posted November 30, 2008 Management Posted November 30, 2008 mysql_real_escape_string is used to prevent SQL Injection, is not a good idea to comment out this code :unsure: Probably it was failing the login because you haven't escaped properly the username before saving it in your DB :o Board Rules - Available Products - Need a Custom Work? < Don't PM me for support, post in the forum or submit a ticket from the client area instead! >
DawPi Posted December 1, 2008 Posted December 1, 2008 Yes yes yes B) IPS, Inc. Official Partner ♦ IPS Community Developer ♦ Custom Modding
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now