Could anyone tell me why the following is not working?

<html>
<body>



<? 

$link = mysql_connect('localhost', 'username', 'password'); 
if (!$link) { 
    die('Could not connect: ' . mysql_error()); 
} 
echo 'Connected successfully'; 
mysql_select_db('database'); 


if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password'])){  
    $username = ($_POST['username']);  
    $password = ($_POST['password']);  
  
    $search = mysql_query("SELECT username, password, active FROM users WHERE username='".$username."' AND password='".$password."'") or die(mysql_error());  
    $match  = mysql_num_rows($search);  
            }  

if($match > 0){  
    echo 'Login Complete! Thanks';  
    // Set cookie / Start Session / Start Download etc...  
}else{  
    echo  'Login Failed! Please make sure that you enter the correct details and that you have activated your account.';  
}  
?>          

        
        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  
  
      
  
        <!-- start sign up form -->  
        <form action="" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="name" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  
  
            <input type="submit" class="submit_button" value="Login" />  
        </form>  

</body>
</html>

The connected successfully message comes up, but so does the Login Failed! one. I am not sure what I am doing wrong. The stuff I am typing in exactly matches the database info. (I have changed username, password etc. for this post).

This isn't the finished script but I am just checking as I go along, still need to add cookies, session etc. but it is not looking good if I can't do this!

The script is not originally mine but I am trying to adapt it

Thanks

Recommended Answers

change line number 24 to

if($search > 0){
Jump to Post

<input name="name"... /> should be name="username"... />. You your comment:
// Set cookie / Start Session / Start Download etc... is inaccurate. You need to start the session BEFORE you even begin sending any output. That means that you cannot start the session after you have send

Jump to Post

All 7 Replies

change line number 24 to

if($search > 0){

<input name="name"... /> should be name="username"... />. You your comment:
// Set cookie / Start Session / Start Download etc... is inaccurate. You need to start the session BEFORE you even begin sending any output. That means that you cannot start the session after you have send <html>...

Try the attached code instead:

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>
<html>
<body>
<?php

$link = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error()); 
echo 'Connected successfully'; 
mysql_select_db('database') or die(mysql_error()); 


if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  

    $sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  

    if($DEBUG)
    {
        echo '<br />Executed: '.htmlspecialchars($sql,ENT_QUOTES);
        echo '<br />Total Matches: '.$match;
    }
}  

if($match==1){  
    echo '<p>Login Complete! Thanks</p>';  
    // Set cookie / Start Session / Start Download etc...  
}
else
{ 
    echo  '<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          


        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  



        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="username" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  

            <input type="submit" class="submit_button" value="Login" />  
        </form>  

</body>
</html>

first if this line of code fails there is no notice like you did to connect

mysql_select_db('database');

may I know why you are mixing ampersand abd AND
if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password']))

Also print_r($_POST) to see if the form posts values and indices are correct[CODE=PHP]if(isset($_POST) && !empty($_POST) AND isset($_POST) && !empty($_POST))

Also print_r($_POST) to see if the form posts values and indices are correct

change line number 24 to

if($search > 0){

Why should OP do that?

Thanks for all your help so far, I have another issue, I hope it isn't too much trouble as I feel bad constantly asking for help!

Here is my script so far, I've added in sessions etc and instead of a success message redirecting to either previous page or index. Is this the correct way to use sessions?

Also I get an error now:

Cannot modify header information - headers already sent by... on line 37

I have looked around and it seems that the problem is to do with already sending info to browser but I am not sure how I have done this!

<?php
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI']; ?>

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>
<html>
<body>
<?php
 
$link = mysql_connect('', '', '') or die('Could not connect: ' . mysql_error()); 
echo 'Connected successfully'; 
mysql_select_db('') or die(mysql_error()); 
 
 
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  
 
	$sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  
 
}  
 
if($match==1){  
 session_start();  
if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; 
else 
   $url = "index.php"; // default page for 

header("Location: http://web.com/$url");  
}
else
{ 
    echo  '<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          
 
 
        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  
 
 
 
        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="username" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  
 
            <input type="submit" class="submit_button" value="Login" />  
        </form>  
 
</body>
</html>

Thanks for your help

Below is login.php followed by protectedPage.php. Read comments in code

<?php
//login.php
session_start(); // starts the session

//this makes no sense.  
//	$_SESSION['url'] = $_SERVER['REQUEST_URI'];
//If this file is named login.php, it sets $_SESSION['url'] to login.php. So essentially
//as soon as you arrive at this page you are setting 'url' to 'login.php'. You then see the
//login form. Once you submit the login form and provide the correct username and password
//you are then redirecting to whatever is in 'url', which is (once again) 'login.php'
//The net effect will be that you will remain 'stuck' in login.
//What you need to do is to set $_SESSION['url'] on the page that you want to protect, 
//NOT in login.php.  See how I did this in protectedPage.php

$SELF=basename(__FILE__);
$msg='';
 
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
	$link = mysql_connect('', '', '') or die('Could not connect: ' . mysql_error()); 
	mysql_select_db('') or die(mysql_error()); 

    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  
 
	$sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  
 
}  
 
if($match==1)
{
	$_SESSION['authenticated']=true;
	$url = 'index.php'; // default page for 
	if(isset($_SESSION['url']))
	{
		$url = strip_tags($_SESSION['url']);
		unset($_SESSION['url']);
	}
	header("Location: http://web.com/$url");
	exit;
}
else
{ 
    $msg='<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          
<html>
<body>
        <h1>Login Form</h1>
		<?php
		if(!empty($msg))
		{
			echo $msg;
		}
		?>
        <p>Please enter your name and password to login</p>  
        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <div>
				<label for="name">Name:</label>  
            	<input type="text" name="username" value="" />
			</div>
            <div>
				<label for="password">Password:</label>
            	<input type="password" name="password" value="" />
			</div>
 
			<div><input type="submit" class="submit_button" value="Login" /></div>
        </form>  
 
</body>
</html>

here's what you need to "protect" a some page

<?php
//protectedPage.php
session_start();

if( !isset($_SESSION['authenticated']) )
{
	$_SESSION['url']=strip_tags($_SERVER['REQUEST_URI']);
	header('Location: http://web.com/login.php');
	exit;
}
//rest of code for the page you are trying to "protect" follows here
//...
?>

<?php
session_start(); // starts the session
$_SESSION = $_SERVER; ?>

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>

You are just doing that....double starting session!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.