ÑÀRÇÁÇΧT Posted November 28, 2008 Share Posted November 28, 2008 Hi, Started to learn some PHP/SQL so far so good but I have come across a few problems. I'm creating a Login script based on 3 files and no matter what I enter the account and password are always wrong even though they are not. Files:main_login.phpchecklogin.phplogin_successful.php main_login.php<html> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="checklogin.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="Account" type="text" id="Account"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="Password" type="text" id="Password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> </body> </html> checklogin.php<?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="****"; // Mysql password $db_name="****"; // Database name $tbl_name="membersb"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $account=$_POST['Account']; $password=$_POST['Password']; // To protect MySQL injection (more detail about MySQL injection) $account = stripslashes($account); $password = stripslashes($password); $account = mysql_real_escape_string($account); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE account='$account' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("account"); session_register("password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php// Check if session is not registered , redirect back to main page. // Put this code in first line of web page. <?php session_start(); if(!session_is_registered(account)){ header("location:main_login.php"); } ?> <html> <body> Login Successful </body> </html> Any ideas guys? You can test this : courtixgaming.com/php Link to comment Share on other sites More sharing options...
Management terabyte Posted November 28, 2008 Management Share Posted November 28, 2008 At a first quick look the code seems fine to me :huh: P.S.: Is a good thing to close always the database connection, to do it use:mysql_close(); Board Rules - Available Products - Need a Custom Work? < Don't PM me for support, post in the forum or submit a ticket from the client area instead! > Link to comment Share on other sites More sharing options...
ÑÀRÇÁÇΧT Posted November 28, 2008 Author Share Posted November 28, 2008 Yea, thanks for the tip, and I get no errors just wont login Link to comment Share on other sites More sharing options...
DawPi Posted November 29, 2008 Share Posted November 29, 2008 Hello,what happen if you change this:$account = mysql_real_escape_string($account); $password = mysql_real_escape_string($password);to://$account = mysql_real_escape_string($account); //$password = mysql_real_escape_string($password);? IPS, Inc. Official Partner ♦ IPS Community Developer ♦ Custom Modding Link to comment Share on other sites More sharing options...
ÑÀRÇÁÇΧT Posted November 29, 2008 Author Share Posted November 29, 2008 (edited) Wow, that worked, just gotta remove some errors but at least it logs in now :) Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/ctxgame/public_html/php/login_success.php:3) in /home/ctxgame/public_html/php/login_success.php on line 4 Is the error, Edited November 29, 2008 by Ã�Ã�RÃ�Ã�Ã�Ã�§T Link to comment Share on other sites More sharing options...
ÑÀRÇÁÇΧT Posted November 29, 2008 Author Share Posted November 29, 2008 All fixed, thanks guys Link to comment Share on other sites More sharing options...
Management terabyte Posted November 30, 2008 Management Share Posted November 30, 2008 mysql_real_escape_string is used to prevent SQL Injection, is not a good idea to comment out this code :unsure: Probably it was failing the login because you haven't escaped properly the username before saving it in your DB :o Board Rules - Available Products - Need a Custom Work? < Don't PM me for support, post in the forum or submit a ticket from the client area instead! > Link to comment Share on other sites More sharing options...
DawPi Posted December 1, 2008 Share Posted December 1, 2008 Yes yes yes B) IPS, Inc. Official Partner ♦ IPS Community Developer ♦ Custom Modding Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now