Member Avatar for shapeape

Hi again,

My login script seemed to be up and running. I was almost ready to crack open a bottle of vin-de-rouge to celebrate as it's a little milestone for me. However, it appears to have abruptly stopped functioning and I'm yet to determine the cause of this. Could I ask for a script-check over to see if there is anything apparent to whats going on - username and password fields are filled but it submitting the form causes the page to reload. None of the checks are flagged (username/password wrong for instance)

Thanks

 <?php

$con=mysqli_connect("x","x","x","x");//Would you believe I spent hours trying
//to get this to work properly from a method OOP style. Instantising references,
//pseudo variables etc. In the end it proved much more tricky than I thought.



if(isset($_POST['submit'])){

$user=$_POST['user']; 
$password=$_POST['password'];

//To ensure that none of the fields are blank when submitting the form if
if(isset($_POST['user']) && isset($_POST['password'])) 
    {    

        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = mysqli_real_escape_string($con, $user);
        $password = mysqli_real_escape_string($con, $password);

        //SQL Injection Ahoy! I know...but future versions aim to be robust!

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";
$result=mysqli_query($con, $sql);

$row=mysqli_fetch_array($result);

if($row[0]==1)
{
    session_start();
    $_SESSION['user'] = $user;
    $_SESSION['password'] = $password;
    $_SESSION['loggedin'] = "true";
    header("location:index.php");
}
        else
        {
            print ('<div id="error">Acess denied, wrong username or password?</div>');
        }
        }
        else
            {
            print ('<div id="error">Enter something!</div>');
        }

}

    ?>





 <form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'];?>">
  <legend>Login </legend> 
  <p>Please enter your username and password to access the administrator's panel</p>

   <label for="user"> <input type="text" name="user" placeholder="Type your username here" id="user" /></label> 
   <label for="password"> <input type="password" name="password" placeholder="Type your password here" id="password" /></label>
   <label for="submit"> <input type="submit" class="btn btn-primary"name="submit" id="submit" value="Login" /> </label> </fieldset> </form>

Just a thought. Could the issue be due to "LIMIT 1" on the SQL query. Or could my session be messed up somehow?

  • 4 Contributors
  • 7 Replies
  • 240 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by shapeape

Recommended Answers

All 7 Replies

Member Avatar for phorce

Hello,

There are a few problems within your code but, this stands out for me:

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";

Do you really need the LIMIT 1 here? I wouldn't say so, because, this SQL statement can only really return one row if you have set up your database correctly.. (I.e. primary keys.. Assuming that only ONE user can have that one USERNAME once). I would do this:

`$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}'";

And a suggestion:

$result=mysqli_query($con, $sql) or die("Blah blah");

Hope this helps you a bit :)

As someone else mentioned on your other thread, try to use the OO mysqli.

Member Avatar for JorgeM

... but it submitting the form causes the page to reload....

The same page is loading because your form's action attribute is specifying that the target page is itself.

 action="<?php $_SERVER['PHP_SELF'];?>"

Reference --> http://php.net/manual/en/reserved.variables.server.php

Edited by JorgeM
Member Avatar for shapeape

Thanks for the help....

Still no luck though, entering in the correct username and password makes the page reset the fields. I'm really lost here...

Member Avatar for shapeape

Wait. Seems to be something to do with this code I put on the page it redirects to :

     if(!isset($_SESSION["loggedIn"])){ //Kick you back to login if your not logged in
                header("Location: login.php");
                exit;
            }

Any thoughts?

Edited by shapeape
Member Avatar for shapeape

NM, I figured it out :)

Member Avatar for TomH.PG

for reference, the submit input element appears to have a missing whitespace character before the name attribute. This would cause your submitted form to not have $_POST['submit'] which would explain the reload. If that is not what you fixed, let us know :)

Member Avatar for shapeape 
It was isset($_SESSION["loggedIn"])){

VS

 if(!isset($_SESSION["loggedin"])){ // DOH
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.