0

Hi again,

My login script seemed to be up and running. I was almost ready to crack open a bottle of vin-de-rouge to celebrate as it's a little milestone for me. However, it appears to have abruptly stopped functioning and I'm yet to determine the cause of this. Could I ask for a script-check over to see if there is anything apparent as to what's going on? The username and password fields are filled, but submitting the form causes the page to reload. None of the checks are flagged (username/password wrong, for instance).

Thanks

<?php

$con=mysqli_connect("x","x","x","x");//Would you believe I spent hours trying
//to get this to work properly from a method OOP style. Instantiating references,
//pseudo variables etc. In the end it proved much more tricky than I thought.

if(isset($_POST['submit'])){

    $user=$_POST['user'];
    $password=$_POST['password'];

    //To ensure that none of the fields are blank when submitting the form
    if(isset($_POST['user']) && isset($_POST['password']))
    {
        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = mysqli_real_escape_string($con, $user);
        $password = mysqli_real_escape_string($con, $password);

        //SQL Injection Ahoy! I know...but future versions aim to be robust!

        $sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";
        $result=mysqli_query($con, $sql);

        $row=mysqli_fetch_array($result);

        if($row[0]==1)
        {
            session_start();
            $_SESSION['user'] = $user;
            $_SESSION['password'] = $password;
            $_SESSION['loggedin'] = "true";
            header("location:index.php");
        }
        else
        {
            print ('<div id="error">Access denied, wrong username or password?</div>');
        }
    }
    else
    {
        print ('<div id="error">Enter something!</div>');
    }

}

?>





 <form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'];?>">
  <legend>Login </legend> 
  <p>Please enter your username and password to access the administrator's panel</p>

   <label for="user"> <input type="text" name="user" placeholder="Type your username here" id="user" /></label> 
   <label for="password"> <input type="password" name="password" placeholder="Type your password here" id="password" /></label>
   <label for="submit"> <input type="submit" class="btn btn-primary"name="submit" id="submit" value="Login" /> </label> </fieldset> </form> 

Just a thought. Could the issue be due to "LIMIT 1" on the SQL query? Or could my session be messed up somehow?

Last Post by shapeape
0

Hello,

There are a few problems within your code, but this stands out for me:

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";

Do you really need the LIMIT 1 here? I wouldn't say so, because this SQL statement can only really return one row if you have set up your database correctly (i.e. primary keys, assuming that only ONE user can have that one USERNAME once). I would do this:

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}'";

And a suggestion:

$result=mysqli_query($con, $sql) or die("Blah blah");

Hope this helps you a bit :)

As someone else mentioned on your other thread, try to use the OO mysqli.

0

Thanks for the help....

Still no luck though, entering in the correct username and password makes the page reset the fields. I'm really lost here...

0

Wait. Seems to be something to do with this code I put on the page it redirects to:

    if(!isset($_SESSION["loggedIn"])){ //Kick you back to login if you're not logged in
        header("Location: login.php");
        exit;
    }

Any thoughts?

Edited by shapeape

0

For reference, the submit input element appears to have a missing whitespace character before the name attribute. This would cause your submitted form to not have $_POST['submit'], which would explain the reload. If that is not what you fixed, let us know :)

0
It was isset($_SESSION["loggedIn"])){ 

VS

 if(!isset($_SESSION["loggedin"])){ // DOH
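
A hardened version of the login flow discussed in this thread, as an added example that is not part of the original posts: the session key is defined once so the login page and the guard cannot disagree on case, the query is a prepared statement, and the password is checked against a hash. The `password_hash` column, the `SESSION_AUTH_KEY` constant and the two function names are assumptions for illustration, and the code assumes PHP 8.1 or later, where mysqli raises exceptions on errors by default.

```php
<?php
// Added example, not the original poster's code. Assumed schema: a `users` table
// with `username` and `password_hash` columns (hash created by password_hash()).
declare(strict_types=1);

// Defined once (ideally in a shared include): $_SESSION keys are case-sensitive.
const SESSION_AUTH_KEY = 'loggedin';

function attempt_login(mysqli $con, string $user, string $password): bool
{
    // Prepared statement: input is bound as data, never interpolated into SQL.
    $stmt = $con->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    // Verify against the stored hash instead of matching a plaintext column.
    return $found === true && password_verify($password, (string) $hash);
}

function require_login(): void
{
    // Guard for protected pages; reads the same constant the login page writes.
    if (empty($_SESSION[SESSION_AUTH_KEY])) {
        header('Location: login.php');
        exit;
    }
}

session_start(); // needed on every page that reads or writes $_SESSION

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Accept only string fields; isset() alone is also true for empty strings.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if ($user === '' || $password === '') {
        print '<div id="error">Enter something!</div>';
    } elseif (attempt_login(mysqli_connect('x', 'x', 'x', 'x'), $user, $password)) {
        session_regenerate_id(true);        // fresh session ID after authentication
        $_SESSION['user'] = $user;
        $_SESSION[SESSION_AUTH_KEY] = true; // the password is never stored in the session
        header('Location: index.php');
        exit;                               // stop before the form is rendered again
    } else {
        print '<div id="error">Access denied, wrong username or password?</div>';
    }
}
```

On the protected page, calling `session_start()` followed by `require_login()` replaces the hand-written `isset($_SESSION[...])` check.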