0

Sir, please help me to locate the error, if user not found or wrong user name password etc then all codes work fine but when I enter correct user name and password then no result.

<?php
session_start();
require_once("includes/connect.php");
require_once("includes/functions.php");
if(isset($_POST['login']))
{   
    $muser=clean($_POST['username']); 
    $mpass=clean($_POST['password']); 
    if(empty($muser))
    {
        echo ('<script type="text/javascript">alert("User name must not be empty")</script>');
    }
    elseif (empty($mpass))
    {
        echo ('<script>alert("Password must not be empty")</script>');
    }
    else
    {
        $query1="SELECT * FROM admin where user ='". $muser ."' ";
        $result1=mysqli_query($con,$query1)or die ("Error". mysqli_error($con)) ;  
        $count1=mysqli_num_rows($result1); 
        if($count1==0)
        {
            echo ('<script>alert("User not found")</script>');
        }
        else
        {
            $query="SELECT * FROM admin where user ='".$muser."' and pass='".$mpass."'";
            echo 'Query='. $query;
            $result=mysqli_query($con,$query)or die ("Error". mysqli_error($con)) ;  
            $row=mysqli_fetch_array($result);
            $count=mysqli_num_rows($result); 
            if($count==0)
            {
                echo '<script>alert("Password is invalid")</script>';
            }
            else
            {
                echo '<script>alert("Password matched")</script>';
                header("location: index.php");
                $_SESSION['id'] = $row['id'];
                $_SESSION['user'] = $myusername;
                $_SESSION["startTime"] = date("r"); 
            }
        }
    }
}
?>
4
Contributors
4
Replies
81
Views
1 Year
Discussion Span
Last Post by PsychicTide
0

Is index.php located in the same folder? Have you tried to simply echo instead of setting session vars and redirecting? Have you tried absolute or explicit relative URLs to rule out domain/scope issues (e.g. http://www.whatever.com/admin/index.php or ./index.php instead of index.php)? Are there any console errors or flags in network queries (F12)?

Looked interesting...

Per RFC 3986, under Section 4.2 or appendix A:
.
URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
.
where hier-part can be "//" for authority path-abempty, "/" path-absolute, path-rootless or path-empty.
.
If you think about it, when you use "http://", the "//" denotes the root of the available path. That's why different protocol > schemes don't need it like Skype. It uses "skype:echo123?call" which will call the user "echo123". No "//" needed since there is no "root".
.
So yes, it's valid. But since that exact usage is a little off the normal pattern setup in today's browsers, your milage may vary. It does work in IE9.
.
--- Stack overflow response (Steven V)

Edited by PsychicTide

1

Do you get shown one of your alert messages when entering a correct username and password or does it not show any of the alerts?

You are trying to set $_SESSION variables (lines 41-43) after you redirect the user to index.php (line 40).

Also, it's not a good idea to tell the user which part of their login attempt failed. If a mallicious user gets a message saying the password is incorrect, then they know the username they tried is correct and they now only have to guess the password. It would be better to just run the last query you have and if there are no matches show a generic message like "username / password combination invalid".

1

If you are going to use header('Location: ...'), you cannot use echo. So your else clause should be:

            ...
            else
            {
                $_SESSION['id'] = $row['id'];
                $_SESSION['user'] = $myusername;
                $_SESSION["startTime"] = date("r");

                //you call header AFTER you have set your session variables.
                header("Location: index.php");
                exit;
            }
0

The difference between programmer thinking and computer scientist thinking is evident :)

Edited by PsychicTide

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.