0

Hi Everyone.

Can some please assist me. I'm trying to create a login script. This is what I've done so far. This works if user's input is correct. But when the user input is incorrect I get a blank screen. I think my problem lies in the $SQLPASS statments.

Any help is greatly appreciated.
Code is below.

Regards

<?php
$dbhost="localhost";
$dbuser="****";
$dbpass="****";
$dbstore="****";
?>
<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
?>
<?php

        mysql_connect($dbhost, $dbuser, $dbpass)or die(mysql_error());
        mysql_select_db($dbstore)or die(mysql_error());
?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());

?>
<?php

                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username = $login_user) && ($password = $login_pass)){
                //Continue to dashbaord
}else{
        //Return to login screen
}
?>
5
Contributors
18
Replies
19
Views
7 Years
Discussion Span
Last Post by LRNPHP
Featured Replies
  • [CODE]<?php $query = "SELECT * FROM logins where login_username='$username' and login_password='$password'"; $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); if (mysql_num_rows($result) > 0) { header("Location: http://localhost/login_success.php"); } else { header("Location: http://localhost/login.php"); } ?>[/CODE] Read More

0

You code does nothing when no results are returned. That is why you get a blank screen. Before the for loop you should check if you have zero rows. If so, then the login is incorrect and you can return to the login screen using the header() function.

There is also an error on line 39. It should be:

if (($username == $login_user) && ($password == $login_pass)) {
0

You code does nothing when no results are returned. That is why you get a blank screen. Before the for loop you should check if you have zero rows. If so, then the login is incorrect and you can return to the login screen using the header() function.

There is also an error on line 39. It should be:

if (($username == $login_user) && ($password == $login_pass)) {

Hi There.

Thanks for the speedy comeback.

Below is the code, If the username is successful it goes to login_sccess.php else it should return to login.php.

But if the details are incorrect it display's a blank page.

Regards

<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
0

Just as a side note, what would happen if i entered the username or password.

test'); DROP TABLE logins;--

Always escape any user input text with.

mysql_real_escape_string($string);
0

When you see the blank page, what is the url ? The error should be in that page, try echo'ing some texts in the code to see how far it gets. That is a simple way to locate the problem line.

Good catch omol. He'll have a similar problem if the user just posts the page without a user/pass. The checks will evaluate two empty strings, and allow to continue.

Edited by pritaeas: n/a

0

When you see the blank page, what is the url ? The error should be in that page, try echo'ing some texts in the code to see how far it gets. That is a simple way to locate the problem line.

Good catch omol. He'll have a similar problem if the user just posts the page without a user/pass. The checks will evaluate two empty strings, and allow to continue.

Hi

Thanks for the escape_string quote. I did a echo. The echo "test" show, but now the echo "test2".

Hope this helps.

Regards

<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

 echo "test";

?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
        echo "test";
                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
0

Is this the complete script?

Are you missing the sql database connection now?

Do both the "echo "test""; return?

Edited by omol: n/a

0

Is this the complete script?

Are you missing the sql database connection now?

Do both the "echo "test""; return?

Hi

Here is the complete script. If the username + password input is correct It display's all 3 echo's. If the username and or password is incorrect it display's only 1 echo. I think the issue is locate in here somewhere.

If I comment out the $SQLRESULT and $SQLROW it will continue.

Thanks for everyones help so far.

Regards

<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
$dbhost="localhost";
$dbuser="****";
$dbpass="****";
$dbstore="****";
?>
<?php

        mysql_connect($dbhost, $dbuser, $dbpass)or die(mysql_error());
        mysql_select_db($dbstore)or die(mysql_error());
?>
<?php
//Retrieve Data from POST
$username = $_POST['username'];
$pass = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($pass);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

 echo "test";

?>
<?php

        $SQLPASS="SELECT * FROM logins where login_username='$username' and login_password='$password'";
        $SQLRESULT=mysql_query($SQLPASS)or die(mysql_error());
        $SQLROW=mysql_num_rows($SQLRESULT)or die(mysql_error());
 echo "test2";
?>
<?php
        echo "test";
                for($a=0; $a<$SQLROW; $a++){
                        $login_user=mysql_result($SQLRESULT, $a, 'login_username');
                        $login_pass=mysql_result($SQLRESULT, $a, 'login_password');

                                echo "".$login_user."<br>";
                                echo "".$login_pass."<br>";
                        }

?>
<?php
        if(($username == $login_user) && ($password == $login_pass)){
                //Continue to dashbaord
                header("Location: http://localhost/login_success.php");
}else{
        //Return to login screen
                header("Location: http://localhost/login.php");
}
?>
0

Add

ini_set('error_reporting', E_ALL);

That should let you know whats causing the issue.

0

Add

ini_set('error_reporting', E_ALL);

That should let you know whats causing the issue.

Hi

Can I add it anywhere?

Regards

0

Sorry, should have said. Add it to the top of your script.

Edit:- Damn this new layout on daniweb. Should default to the last page posted on.

Edited by omol: n/a

0

Sorry, should have said. Add it to the top of your script.

Edit:- Damn this new layout on daniweb. Should default to the last page posted on.

Hi Everyone.

Nope does not work. Still getting only 1 echo when entering wrong username and or password. With correct username and password it works 100%.

Thanks

0

Do you now get any error returned?

Hi

Nope just the echo (test) is showing.

Regards

Edited by LRNPHP: n/a

0
<?php
$query = "SELECT * FROM logins where login_username='$username' and login_password='$password'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
if (mysql_num_rows($result) > 0) { 
	header("Location: http://localhost/login_success.php");
} else {
	header("Location: http://localhost/login.php");
}
?>

Hi There.

Thanks allot for everyones help and especially to rajarajan07. It's working 100% now.

Regards

0

Hi, here we mention code which solve your Login problem,
Save index_dir.php that file in Root Folder,
for that Problem We Use WAMP Window + Apache Server + MySql + PHP

 <?php
if(isset($_POST['posted']))
            {
               $name=$_POST['dir_username'];
               $pass=$_POST['dir_password'];
               $connect=mysql_connect('localhost','root','');
            $db=mysql_select_db('dir_db',$connect);
            $query=mysql_query('SELECT * FROM dir_login',$connect);
            while($row=mysql_fetch_array($query))
            {
                $column1=$row['username'];
                $column2=$row['password'];
                if($column1 == $name && $column2 == $pass)
                {
                    header('location:registration_dir.php');
                }
                else
                {
                    echo('Sorry Username and password is mismatch');
                    exit();
                }
            }
            }

?>

<form name="index_dir" method="post" action="index_dir.php">
<table align="center" border="">
        <tr>
               <td>
                 <b  style="background-color:#063">USERNAME</b>
                <input type="text" name="dir_username" value="USERNAME" style="background-color:#966">
                </td>
        </tr>
        <tr>
               <td><b style="background-color:#063">PASSWORD</b>  
               <input type="password" name="dir_password" value="*****" style="background-color:#966">
               </td>
        </tr>
        <tr>
               <td><input type="hidden" name="posted" value="true>"></td>
               <td>
               <input type="submit" name="dir_submir" value="GO" style="background-color:#063">
               </td>
       </tr>
</table>
</form>

Edited by Reverend Jim: Fixed formatting

0

Hi There

Thanks a million. Have a nice day.

Regards

Edited by Nick Evan: Fixed formatting

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.