PHP/SQL Login Help

[ÑÀRÇÁÇΧT]

Hi,

 

Started to learn some PHP/SQL so far so good but I have come across a few problems.

 

I'm creating a Login script based on 3 files and no matter what I enter the account and password are always wrong even though they are not.

 

Files:

main_login.php

checklogin.php

login_successful.php

 

main_login.php

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="Account" type="text" id="Account"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="Password" type="text" id="Password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

 

checklogin.php

<?php

$host="localhost"; // Host name 
$username="*****"; // Mysql username 
$password="****"; // Mysql password 
$db_name="****"; // Database name 
$tbl_name="membersb"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$account=$_POST['Account']; 
$password=$_POST['Password'];

// To protect MySQL injection (more detail about MySQL injection)
$account = stripslashes($account);
$password = stripslashes($password);
$account = mysql_real_escape_string($account);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE account='$account' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("account");
session_register("password"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

?>

 

login_success.php

// Check if session is not registered , redirect back to main page. 
// Put this code in first line of web page. 
<?php
session_start();
if(!session_is_registered(account)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>

 

Any ideas guys?

 

You can test this : courtixgaming.com/php

[terabyte]

At a first quick look the code seems fine to me :huh:

 

 

P.S.: Is a good thing to close always the database connection, to do it use:

mysql_close();

[ÑÀRÇÁÇΧT]

Yea, thanks for the tip, and I get no errors just wont login

[DawPi]

Hello,

what happen if you change this:

$account = mysql_real_escape_string($account);
$password = mysql_real_escape_string($password);

to:

//$account = mysql_real_escape_string($account);
//$password = mysql_real_escape_string($password);

?

[ÑÀRÇÁÇΧT]

Wow, that worked, just gotta remove some errors but at least it logs in now :)

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/ctxgame/public_html/php/login_success.php:3) in /home/ctxgame/public_html/php/login_success.php on line 4

 

Is the error,

Edited November 29, 2008 by ��R����§T

[ÑÀRÇÁÇΧT]

All fixed, thanks guys

[terabyte]

mysql_real_escape_string is used to prevent SQL Injection, is not a good idea to comment out this code :unsure:

 

Probably it was failing the login because you haven't escaped properly the username before saving it in your DB :o

[DawPi]

Yes yes yes B)