Member Avatar for berserk

I cant seem to get this login form to work right I have the login form come up and i can use it to get to the form.php page that i try to access but my problem is that its not verifying any login information, it just goes on through to the form page regardless. Let me give some more detail to clerify some things, im running this program over a local network so i dont need anything encrypted and also my login form is based entirely on an admin changable user name and password in phpmyadmin, my boss will have access to this page and be able to change the username and password to what he sees fit all i need to do is make sure that it reads the username and password from the database and checks to see if the entered ones are the same, if so then go to the form. here is the code i have, im sure its wrong but what i dotn understand is i have a similar function in another project that work exactly like it should with code set up like what i have here, also im getting this error that im sending the header before this is executed and it cant change the header again, which is weird cause i have commented out all the echos and so it shouldnt be giving me this error. Help please.

<html>

<form action="form.php" method="post">

<head>
    <!-- Basics -->  
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">   
    <title>Login</title>
    <!-- CSS --> 
    <link rel="stylesheet" href="css/reset.css">
    <link rel="stylesheet" href="css/animate.css">
    <link rel="stylesheet" href="css/styles.css">    
</head>
    <!-- Main HTML -->   
<body>   
    <!-- Begin Page Content -->  
    <div id="container">     
        <form>       
        <label for="name">Username:</label>       
        <input type="name">      
        <label for="username">Password:</label>       
        <p><a href="#">Forgot your password?</a>       
        <input type="password">      
        <div id="lower">     
        <input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>       
        <input type="submit" value="Login" id="login">   
        </div>       
        </form>
    </div>

    <!-- End Page Content -->

<?php
//include("config.php");
//session_start();

$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));

if(isset($_GET['login']))
{
    $myusername = $_GET['name'];
    $mypassword = $_GET['password'];
}

//if($_SERVER["REQUEST_METHOD"] == "POST")
//{
// username and password sent from Form
$myusername=mysqli_real_escape_string($con,$_GET['name']); 
$mypassword=mysqli_real_escape_string($con,$_GET['password']); 

$sql="SELECT id FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$check=  mysqli_query($con,$sql);
//$row=  mysqli_fetch_array($result,  MYSQLI_ASSOC);
//$active=$row['active'];

//$count= mysqli_num_rows($result);
$row = mysqli_fetch_row($check);


// If result matched $myusername and $mypassword, table row must be 1 row
if($row[0] == 0)
{
    //session_register("myusername");
    //session_register("mypassword"); 
    //$_SESSION['login_user']=$myusername;
    //echo "Successful Login";
    header('location: form.php');
    exit();
}
else 
{
    //$error="Your Login Name or Password is invalid";
    //echo "$error";
    header("location: login.php");
    exit();
}
//}
?>


</body>
</form>
</html>
  • 4 Contributors
  • 12 Replies
  • 505 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by berserk
Member Avatar for urtrivedi

your method is post (see line no. 3) so changed line number 49,50

$myusername=mysqli_real_escape_string($con,$_POST['name']); 
$mypassword=mysqli_real_escape_string($con,$_POST['password']);

change line 62 (if $row[0] has some value of id, means not blank)

if($row[0]!="")
Member Avatar for Jack_9

If you want a login form from the database you should link the database login from it.

Member Avatar for veedeoo

Your form tag is way above the <body> tag. It should stay below the <body> tag. There are many great websites out there where you can read about proper html syntax.

remove form tag in line 3 and replace the form tag in line 19.

On your form.php, Replace this

<input type="submit" value="Login" id="login">

with this

<input type="submit" value="Login" name="login" id="login">

replace

if(isset($_GET['login'])){

## codes here

}

with these

if(isset($_POST['login'])){

    ## codes here responsible for login validation

    }

    elseif{

            ## remind the user of any error 

       }

    else{

        ## show them the login form or redirect to the login page

        }

pretty much those are the basics...

Edited by veedeoo because: info added.
Member Avatar for berserk

okay so i have narrowed my code down some more and have rid myself of many errors but im still not getting the desired result.

here is my code now.

<html>
<body>   

    <!-- End Page Content -->

<?php

$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));


if(isset($_POST['login']))
{
    $myusername = $_GET['name'];
    $mypassword = $_GET['password'];

    $myusername=mysqli_real_escape_string($con,$_POST['name']); 
    $mypassword=mysqli_real_escape_string($con,$_POST['password']);

    $sql="SELECT * FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
    $check=  mysqli_query($con,$sql);

    $row = mysqli_fetch_row($check);


    if($row[0] == 0)
    {
        //echo "Successful Login";
        echo "<META http-equiv=' refresh' ;URL='form.php'>";

    }
    else 
    {
        //$error="Your Login Name or Password is invalid";
        //echo "$error";
        echo "<META http-equiv=' refresh' ;URL='index.php'>";

    }
}


?>

<form action="form.php" method="post">
<head>
    <!-- Basics -->  
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">   
    <title>Login</title>
    <!-- CSS --> 
    <link rel="stylesheet" href="css/reset.css">
    <link rel="stylesheet" href="css/animate.css">
    <link rel="stylesheet" href="css/styles.css">    
</head>
    <!-- Main HTML -->   
    <!-- Begin Page Content -->  
    <div id="container">     
        <form>       
        <label for="name">Username:</label>       
        <input type="name" name="username" id="username">        
        <label for="username">Password:</label>       
        <p><a href="#">Forgot your password?</a>       
        <input type="password" name="password" id="password">        
        <div id="lower">     
        <input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>       
        <input type="submit" value="Login" name="login" id="login">
        </div>       
        </form>
    </div>


</body>
</form>
</html>

it still doesnt check the username and password values and just logs in anyway, what is WRONG with my code lol

Member Avatar for urtrivedi

Change following
Line 21

$sql="SELECT username FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";

Line 25

if($row[0]!="")
Member Avatar for berserk

I changed those but it still logs in automatically without verifiying if the login information is correct. What gives?

here is the newly modified code.

<html>
<body>   

    <!-- End Page Content -->

<?php

$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));


if(isset($_POST['login']))
{
    $myusername = $_GET['name'];
    $mypassword = $_GET['password'];

    $myusername=mysqli_real_escape_string($con,$_POST['name']); 
    $mypassword=mysqli_real_escape_string($con,$_POST['password']);

    //$sql="SELECT * FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";

    $sql="SELECT username FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
    $check=  mysqli_query($con,$sql);

    $row = mysqli_fetch_row($check);


    if($row[0]!="")
    {
        //echo "Successful Login";
        echo "<META http-equiv=' refresh' ;URL='form.php'>";

    }
    else 
    {
        //$error="Your Login Name or Password is invalid";
        //echo "$error";
        echo "<META http-equiv=' refresh' ;URL='index.php'>";

    }
}


?>

<form action="form.php" method="post">
<head>
    <!-- Basics -->  
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">   
    <title>Login</title>
    <!-- CSS --> 
    <link rel="stylesheet" href="css/reset.css">
    <link rel="stylesheet" href="css/animate.css">
    <link rel="stylesheet" href="css/styles.css">    
</head>
    <!-- Main HTML -->   
    <!-- Begin Page Content -->  
    <div id="container">     
        <form>       
        <label for="name">Username:</label>       
        <input type="name" name="username" id="username">        
        <label for="username">Password:</label>       
        <p><a href="#">Forgot your password?</a>       
        <input type="password" name="password" id="password">        
        <div id="lower">     
        <input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>       
        <input type="submit" value="Login" name="login" id="login">
        </div>       
        </form>
    </div>


</body>
</form>
</html>
Member Avatar for veedeoo

try running this

<html>
<body>
<!-- End Page Content -->
<?php
$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));
if(isset($_POST['login']))
{
//$myusername = $_GET['name'];
//$mypassword = $_GET['password'];
$myusername=mysqli_real_escape_string($con,$_POST['username']);
$mypassword=mysqli_real_escape_string($con,$_POST['password']);
//$sql="SELECT * FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$sql="SELECT username, password FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$check= mysqli_query($con,$sql);
$row = mysqli_fetch_row($check);
if($row[0]!="" && $row[1] !="")
{
//echo "Successful Login";
//echo "<META http-equiv=' refresh' ;URL='form.php'>";
    echo 'you are login<br/>';
}
else
{
 $error="Your Login Name or Password is invalid";
echo "$error";
//echo "<META http-equiv=' refresh' ;URL='index.php'>";
}
}
?>
<form action="deletethis.php" method="post">
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<form>
<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<p><a href="#">Forgot your password?</a>
<input type="password" name="password" id="password">
<div id="lower">
<input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>
</form>
</html>

I don't recommend using it in production server, because of the weakness in login validation, but it is sufficient for practice purposes only.

Member Avatar for berserk

THIS WORKED FINALLY!!

however i can tseem to get it to go to the right page after the evaluation has passed.

here is my current code but it doesnt work.

<html>
<body>
<!-- End Page Content -->
<?php
$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));
if(isset($_POST['login']))
{
//$myusername = $_GET['name'];
//$mypassword = $_GET['password'];
$myusername=mysqli_real_escape_string($con,$_POST['username']);
$mypassword=mysqli_real_escape_string($con,$_POST['password']);
//$sql="SELECT * FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$sql="SELECT username, password FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$check= mysqli_query($con,$sql);
$row = mysqli_fetch_row($check);
if($row[0]!="" && $row[1] !="")
{
//echo "Successful Login";
//echo "<META http-equiv=' refresh' ;URL='form.php'>";
    //echo 'Successful Login<br/>';
    //echo "<META http-equiv=' refresh' ;URL='form.php'>";
    header('location: form.php');
    exit();
}
else
{
 $error="Your Login Name or Password is invalid";
echo "$error";
//echo "<META http-equiv=' refresh' ;URL='index.php'>";
}
}
?>
<form action="index.php" method="post">
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<form>
<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<p><a href="#">Forgot your password?</a>
<input type="password" name="password" id="password">
<div id="lower">
<input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>
</form>
</html>

I have used header which didnt work and throws an error about being unable to change the header information, i have also tried the meta tag and that did nothing either so im kinda at a lose on how to redirect the user to the desired form page. are there any other ways to do this? ive looked but i keep coming back to the header mainly.

Member Avatar for veedeoo

you can create a new page and call it verified.php and put this code

<?php
    session_start();

if($_SESSION['loggeg_in'] && (isset($_SESSION['username']))){

    echo 'You are logged in as:'. $_SESSION['username'];

    }

Your modified codes should now look like this

<?php

session_start();
$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));
if(isset($_POST['login'])){

$myusername=mysqli_real_escape_string($con,$_POST['username']);
$mypassword=mysqli_real_escape_string($con,$_POST['password']);

$sql="SELECT username, password FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
$check= mysqli_query($con,$sql);
$row = mysqli_fetch_row($check);
if($row[0]!="" && $row[1] !=""){

 ## set logged_in to true
$_SESSION['logged_in']= true;
 ## set username session
$_SESSION['username'] = $row[0]; 

header('location: verified.php');
exit();
}
else
{
$error="Your Login Name or Password is invalid";
//echo "$error";
//echo "<META http-equiv=' refresh' ;URL='index.php'>";
}
}
?>
<html>
<body>
<?php echo ($error ? $error : '' );?>
<form action="index.php" method="post">
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<form>
<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<p><a href="#">Forgot your password?</a>
<input type="password" name="password" id="password">
<div id="lower">
<input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>
</form>
</html>

We cannot have any <html> tags before redirect . The only place where you can do it is if you area coding inside the frameworks like CodeIgniter..

Edited by veedeoo because: info added.
Member Avatar for veedeoo

for some reason, you keep on putting back all those codes that i told you to remove.

change this

<html>
<body>
<?php echo ($error ? $error : '' );?>
<form action="index.php" method="post">
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<form>
<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<p><a href="#">Forgot your password?</a>
<input type="password" name="password" id="password">
<div id="lower">
<input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>
</form>
</html>

to this

<html>
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<?php echo ($error ? $error : '' );?>

<form action="index.php" method="post">

<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<p><a href="#">Forgot your password?</a>
<input type="password" name="password" id="password">
<div id="lower">
<input type="checkbox"><label class="check" for="checkbox">Keep me logged in</label>
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>

</html>
Edited by veedeoo because: info added.
Member Avatar for berserk

ok i got it working but im sure its one big security risk lol, i changed the verified header to the form header and it worked, this is basically what i needed.

Member Avatar for berserk

thank you very much i appreciate the help and assistence

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.