
Log in system

Hi there,
I have been trying to fix the problem in the code below for a long time. It did work for me at some point, then it suddenly stopped storing the user's details in a session.

        $user  = $_POST['username'];
        $pass  = $_POST['password'];
        $query = "SELECT username, password FROM
                  USERS WHERE username = '$user' 
                  AND password='$pass' ";


        $result = mysql_query($query) or mysql_error();

        $row = mysql_fetch_assoc($result);



        if(  $row['username'] == $user ){

            $_SESSION['username'] = $row['username'];
            $_SESSION['password'] = $row['password'];
            header('Location:settings.php');
        }




And this is the form where the above mentioned script gets the values from:




        echo "<form action='log_in.php' method='post'>";
        echo "<input type='text'     name='username' placeholder='username'>";
        echo "<input type='password' name='password' placeholder='password'>";
        echo "<input type='submit' value='Log in'>";
        echo "</form>";
rotten69
Master Poster
747 posts since May 2011
Reputation Points: 36
Solved Threads: 48
Skill Endorsements: 13

Are you calling session_start anywhere?

dcdruck
Junior Poster in Training
89 posts since Jul 2009
Reputation Points: 21
Solved Threads: 20
Skill Endorsements: 0

I had a similar problem, but it was due to something like not adding: if isset

    // Fall back to an empty string when the form field was not submitted
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';

Have you tried turning on all errors to see what may be causing the problem?

    error_reporting(E_ALL);

mbhanley
Junior Poster in Training
51 posts since Nov 2010
Reputation Points: 10
Solved Threads: 3
Skill Endorsements: 0

Yes. I'm calling session_start() in other pages.

rotten69

session_start() must be called at the start of every page or you will lose the session variables when that page loads.

Zagga
Posting Whiz
388 posts since Dec 2009
Reputation Points: 45
Solved Threads: 81
Skill Endorsements: 4

It is all fixed now. Cheers guys!

rotten69

Please mark as solved; it still shows as an open thread in the forum. Thanks.

AndreRet
Industrious Poster
4,706 posts since Jan 2008
Reputation Points: 391
Solved Threads: 481
Skill Endorsements: 20

Although the thread is closed, I should add that you are vulnerable to what is called SQL Injection.
This is where people enter malicious code into your form and because SQL executes it as part of the query then it can do a lot of damage.

The best way as of the present is to use the new MySQL(improved) extension or to just simply add mysql_real_escape_string before you POST.

Instead of $user = $_POST['username']; you should use $user = mysql_real_escape_string($_POST['username']); at a minimum to escape any dangerous characters.

AHarrisGsy
Posting Pro
540 posts since Nov 2011
Reputation Points: 55
Solved Threads: 45
Skill Endorsements: 15

SQL injection is indeed a problem; however, as opposed to using mysql_* functions, you should give serious thought to moving across to mysqli_* or PDO. mysql_* has an uncertain future. One of the benefits of PDO, for example, is that you can apply parameterized queries:

    $st = $db->prepare("SELECT field3, field4 FROM table WHERE field1 = :f1 AND field2 = :f2");
    $st->execute(array(':f1' => $var1, ':f2' => $var2));

That does away with all the escaping routines.

diafol
Keep Smiling
Moderator
10,848 posts since Oct 2006
Reputation Points: 1,675
Solved Threads: 1,539
Skill Endorsements: 61
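
The thread's fixes combined in one login handler, as an added example that is not part of any post: session_start() before the session is touched, isset() checks on the form fields, and a PDO prepared statement in place of the concatenated query. The users table, the sample account, the password_hash()/password_verify() storage (PHP 5.5+, and not how the original post stores passwords) and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not code from the thread. The table layout, the sample account and
// the use of password_hash() are assumptions; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)')
   ->execute(array(':u' => 'alice', ':p' => password_hash('s3cret-demo', PASSWORD_DEFAULT)));

// Returns the stored username when the credentials match, otherwise null.
function check_login(PDO $db, $user, $pass)
{
    if (!is_string($user) || !is_string($pass) || $user === '') {
        return null; // field missing, empty, or sent as an array
    }
    // The placeholder keeps the submitted value out of the SQL text: it is bound as
    // data, so quote characters in it cannot change the WHERE clause.
    $st = $db->prepare('SELECT username, password FROM users WHERE username = :u');
    $st->execute(array(':u' => $user));
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row['username'];
}

if (PHP_SAPI !== 'cli') {
    // Web request: the role log_in.php plays in the original post.
    session_start(); // must run on every page that reads or writes $_SESSION
    $user = isset($_POST['username']) ? $_POST['username'] : null;
    $pass = isset($_POST['password']) ? $_POST['password'] : null;
    $name = check_login($db, $user, $pass);
    if ($name !== null) {
        session_regenerate_id(true);   // issue a fresh session id after login
        $_SESSION['username'] = $name; // the password is not kept in the session
        header('Location: settings.php');
        exit;
    }
    http_response_code(401);
    echo 'Invalid username or password.';
} else {
    // Command line: constructed inputs exercising check_login().
    var_dump(check_login($db, 'alice', 's3cret-demo'));   // valid credentials
    var_dump(check_login($db, 'alice', 'wrong'));         // wrong password
    var_dump(check_login($db, "alice' OR '1'='1", 'x'));  // quotes in the name, bound as data
    var_dump(check_login($db, array('alice'), 'x'));      // array-valued form field
}
```

Run it with the PHP command line to see the four checks; served over HTTP, the same file behaves as the form's target page.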

To expand upon what diafol said, PDO also provides a layer of abstraction to the database so that you can change DBMSs in the future without having to rewrite all of your querying code.

dcdruck

Thanks guys for the help and suggestions. I will be looking into PDO.

rotten69
Question Answered as of 7 Months Ago by dcdruck, AndreRet, Zagga and 3 others

Please, anyone help me. I want PHP code for a barcode reader now; I want the whole complete code....

tesha29
Newbie Poster
1 post since Oct 2012
Reputation Points: 0
Solved Threads: 0
Skill Endorsements: 0

@tesha29

Please start a new thread - do not hijack this solved thread.
Better still, search this site as I remember this coming up many times in the past.

diafol

© 2013 DaniWeb® LLC