0

when i try to access this login page..an empty page open...please help with this coding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Latest</title>
</head>

<body>

<?php
include("db.php");

if (isset($_POST["submit"]))
{
$username=$_POST["username"];
$password=$_POST["password"];
$query="select * from latest where username='$username' && password='$password'";
$query1=mysql_query($query);
if(mysql_num_rows($query1)>0)

{?>

<font color="#FF0000" size="+4"><b>
<?php  

 echo "welcome";
 echo ($username);

}
else 
{

?>
 

<center>
<table align="center" border="2">
<form enctype="multipart/form-data" action="<?php $_SERVER['PHP_SELF']  ?>" method="get">
<tr><td></td></tr>
<tr><td>Enter Username</td>
<td><input type="text" name="username" />
</td></tr>
<tr><td>Enter Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr><td>Submit</td><td><input type="submit" value="submit" name="submit"/></td></tr>
</form>
<?php } } ?>
</table>

</center>
</body>
</html>
5
Contributors
11
Replies
12
Views
6 Years
Discussion Span
Last Post by digital_plunder
0

Your mix of html and php is a bit difficult to follow as your indenting is all to hell.

0

Move the curly brace form line 49 to a line 29. Your second if block should be a part of your first if block which means if form has been submitted and if password is correct then display the greeting else display the table with the form. See the code below.

There are other issues like security. Clean your input to prevent nasty guys and girls to inject nasty code.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Latest</title>
</head>

<body>

<?php
include("db.php");

if (isset($_POST["submit"]))
{
$username=$_POST["username"];
$password=$_POST["password"];
$query="select * from latest where username='$username' && password='$password'";
$query1=mysql_query($query);
if(mysql_num_rows($query1)>0)

{?>

<font color="#FF0000" size="+4"><b>
<?php  

 echo "welcome";
 echo ($username);

}
}
else 
{

?>
 

<center>
<table align="center" border="2">
<form enctype="multipart/form-data" action="<?php $_SERVER['PHP_SELF']  ?>" method="get">
<tr><td></td></tr>
<tr><td>Enter Username</td>
<td><input type="text" name="username" />
</td></tr>
<tr><td>Enter Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr><td>Submit</td><td><input type="submit" value="submit" name="submit"/></td></tr>
</form>
<?php } ?>
</table>

</center>
</body>
</html>
0

thx for the help bruh....i have improved it little bit...but m getting error...can you please resolve it...

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Latest</title>
    </head>
     
    <body>
     
    <?php
    include("db.php");
     
    if(isset($_POST["submit"]))
    {
    $username=$_POST["username"];
    $password=$_POST["password"];
    $query="select * from latest where username='$username' && password='$password'";
    $query1=mysql_query($query);
    if(mysql_num_rows($query1)>0)
     
    {?>
     
    <font color="#FF0000" size="+4"><b>
    <?php
     
    echo "welcome "."$username";
      exit;  
    	}
		else
			{
				$msg="Invalid Username or Password";		
			}
			
	}
     
     ?>
    <table align="center" border="2">
    <form enctype="multipart/form-data" action="login.php" method="post">
    <tr><td> <?php echo($msg);?></td></tr>
    <tr><td>Enter Username</td>
    <td><input type="text" name="username" />
    </td></tr>
    <tr><td>Enter Password</td>
    <td><input type="password" name="password" /></td>
    </tr>
    <tr><td>Submit</td><td><input type="submit" value="submit" name="submit"/></td></tr>
    </form>
  
    </table>
     
    </center>
    </body>
    </html>
0

It could be your SQL on line 17 of your code. Try using the word AND instead of the logical operator &&. Like this:

$query="select * from latest where username='$username' AND password='$password'";
0

There are a lot of things you need to change with this code.

Since this is a login code, you have 2 main goals: security & security. First, when accepting $_POST data, make sure you verify it.

if(isset($_POST['username'])) {
  $username = mysql_real_escape_string($_POST['username']);
}

You need to do the same for the password variable as well. Also, when dealing with passwords, always encrypt them...don't leave themas their original strings. Use PHPs md5 encryption so that passwords aren't retrieved/stored as their original values.

if(isset($_POST['password'])) {
 $password = mysql_real_escape_string($_POST['password']);
  $password = md5($password);
}

Lastly, how are you storing the login details? The proper way to do it is through session data.

0

That error comes that is not sql error,the error is on 39 line,when someone try to login with wrong username....can smeone help me out.

0
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">

try that if the error is coming from line 39. You don't need enctype as you're not sending a file. Also, post is better as you don't see the details in the url.

Edited by diafol: n/a

0

Also line 19

if(mysql_num_rows($query1)>0)

should be

if($query1 and mysql_num_rows($query1)>0)

since query1 is false when wrong username or password. And also initialize $msg first. Put the following code say on line 12:

$msg = '';

.

0

Thats why we are here for:-). But do not forget to improve the code with security measures.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.