Member Avatar for LRNPHP

Hi Everyone.

Can some please assist me. I'm trying to create a login script. This is what I've done so far. This works if user's input is correct. But when the user input is incorrect I get a blank screen. I think my problem lies in the $SQLPASS statments.

Any help is greatly appreciated.
Code is below.

Regards

<?php
$dbhost="localhost";
$dbuser="****";
$dbpass="****";
$dbstore="****";
?>
<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
?>
<?php

        mysql_connect($dbhost, $dbuser, $dbpass)or die(mysql_error());
        mysql_select_db($dbstore)or die(mysql_error());
?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());

?>
<?php

                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username = $login_user) && ($password = $login_pass)){
                //Continue to dashbaord
}else{
        //Return to login screen
}
?>
  • 5 Contributors
  • 18 Replies
  • 474 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by LRNPHP
Member Avatar for pritaeas

You code does nothing when no results are returned. That is why you get a blank screen. Before the for loop you should check if you have zero rows. If so, then the login is incorrect and you can return to the login screen using the header() function.

There is also an error on line 39. It should be:

if (($username == $login_user) && ($password == $login_pass)) {
Member Avatar for LRNPHP

You code does nothing when no results are returned. That is why you get a blank screen. Before the for loop you should check if you have zero rows. If so, then the login is incorrect and you can return to the login screen using the header() function.

There is also an error on line 39. It should be:

if (($username == $login_user) && ($password == $login_pass)) {

Hi There.

Thanks for the speedy comeback.

Below is the code, If the username is successful it goes to login_sccess.php else it should return to login.php.

But if the details are incorrect it display's a blank page.

Regards

<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
Member Avatar for omol

Just as a side note, what would happen if i entered the username or password.

test'); DROP TABLE logins;--

Always escape any user input text with.

mysql_real_escape_string($string);
Member Avatar for pritaeas

When you see the blank page, what is the url ? The error should be in that page, try echo'ing some texts in the code to see how far it gets. That is a simple way to locate the problem line.

Good catch omol. He'll have a similar problem if the user just posts the page without a user/pass. The checks will evaluate two empty strings, and allow to continue.

Edited by pritaeas because: n/a
Member Avatar for LRNPHP

When you see the blank page, what is the url ? The error should be in that page, try echo'ing some texts in the code to see how far it gets. That is a simple way to locate the problem line.

Good catch omol. He'll have a similar problem if the user just posts the page without a user/pass. The checks will evaluate two empty strings, and allow to continue.

Hi

Thanks for the escape_string quote. I did a echo. The echo "test" show, but now the echo "test2".

Hope this helps.

Regards

<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

 echo "test";

?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
        echo "test";
                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
Member Avatar for omol

Is this the complete script?

Are you missing the sql database connection now?

Do both the "echo "test""; return?

Edited by omol because: n/a
Member Avatar for LRNPHP

Is this the complete script?

Are you missing the sql database connection now?

Do both the "echo "test""; return?

Hi

Here is the complete script. If the username + password input is correct It display's all 3 echo's. If the username and or password is incorrect it display's only 1 echo. I think the issue is locate in here somewhere.

If I comment out the $SQLRESULT and $SQLROW it will continue.

Thanks for everyones help so far.

Regards

<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
$dbhost="localhost";
$dbuser="****";
$dbpass="****";
$dbstore="****";
?>
<?php

        mysql_connect($dbhost, $dbuser, $dbpass)or die(mysql_error());
        mysql_select_db($dbstore)or die(mysql_error());
?>
<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

 echo "test";

?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
        echo "test";
                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
Member Avatar for omol

Add

ini_set('error_reporting', E_ALL);

That should let you know whats causing the issue.

Member Avatar for LRNPHP

Add

ini_set('error_reporting', E_ALL);

That should let you know whats causing the issue.

Hi

Can I add it anywhere?

Regards

Member Avatar for pritaeas

Preferrably at the top.

Member Avatar for omol

Sorry, should have said. Add it to the top of your script.

Edit:- Damn this new layout on daniweb. Should default to the last page posted on.

Edited by omol because: n/a
Member Avatar for LRNPHP

Sorry, should have said. Add it to the top of your script.

Edit:- Damn this new layout on daniweb. Should default to the last page posted on.

Hi Everyone.

Nope does not work. Still getting only 1 echo when entering wrong username and or password. With correct username and password it works 100%.

Thanks

Member Avatar for omol

Do you now get any error returned?

Member Avatar for LRNPHP

Do you now get any error returned?

Hi

Nope just the echo (test) is showing.

Regards

Edited by LRNPHP because: n/a
Member Avatar for rajarajan2017 
<?php
$query = "SELECT * FROM logins where login_username='$username' and login_password='$password'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
if (mysql_num_rows($result) > 0) { 
	header("Location: http://localhost/login_success.php");
} else {
	header("Location: http://localhost/login.php");
}
?>
Member Avatar for LRNPHP 
<?php
$query = "SELECT * FROM logins where login_username='$username' and login_password='$password'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
if (mysql_num_rows($result) > 0) { 
	header("Location: http://localhost/login_success.php");
} else {
	header("Location: http://localhost/login.php");
}
?>

Hi There.

Thanks allot for everyones help and especially to rajarajan07. It's working 100% now.

Regards

Member Avatar for sandeepji1

Hi, here we mention code which solve your Login problem,
Save index_dir.php that file in Root Folder,
for that Problem We Use WAMP Window + Apache Server + MySql + PHP

 <?php
if(isset($_POST['posted']))
            {
               $name=$_POST['dir_username'];
               $pass=$_POST['dir_password'];
               $connect=mysql_connect('localhost','root','');
            $db=mysql_select_db('dir_db',$connect);
            $query=mysql_query('SELECT * FROM dir_login',$connect);
            while($row=mysql_fetch_array($query))
            {
                $column1=$row['username'];
                $column2=$row['password'];
                if($column1 == $name && $column2 == $pass)
                {
                    header('location:registration_dir.php');
                }
                else
                {
                    echo('Sorry Username and password is mismatch');
                    exit();
                }
            }
            }

?>

<form name="index_dir" method="post" action="index_dir.php">
<table align="center" border="">
        <tr>
               <td>
                 <b  style="background-color:#063">USERNAME</b>
                <input type="text" name="dir_username" value="USERNAME" style="background-color:#966">
                </td>
        </tr>
        <tr>
               <td><b style="background-color:#063">PASSWORD</b>  
               <input type="password" name="dir_password" value="*****" style="background-color:#966">
               </td>
        </tr>
        <tr>
               <td><input type="hidden" name="posted" value="true>"></td>
               <td>
               <input type="submit" name="dir_submir" value="GO" style="background-color:#063">
               </td>
       </tr>
</table>
</form>
Edited by Reverend Jim because: Fixed formatting
Member Avatar for LRNPHP

Hi There

Thanks a million. Have a nice day.

Regards

Edited by Nick Evan because: Fixed formatting
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.