Member Avatar for servis

The following login script is not working, i am unable to trace the problem, please anybody help me...

<?php 

include ("template/login.tpl.htm");

session_start();
if (isset($_POST['userid']) && isset($_POST['userpassword'])) {
	include 'library/config.php';
	include 'library/opendb.php';
	
	$userId   = $_POST['userid'];
	$password = $_POST['userpassword'];
	
	// check if the user id and password combination exist in database

	$sql = "SELECT user_id,user_password 
	        FROM tbl_auth_user
	WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
	
	$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
	if (mysql_num_rows($result)==1) {
		// the user id and password match, 
		// set the session
		$_SESSION['db_is_logged_in'] = true;
		$_SESSION['userid']= $userId;

		// after login we move to the main page
		header('Location: index.php');
		exit;
	} else {
	echo "Sorry, wrong user id / password";
	echo "$sql";
	}
	
	include 'library/closedb.php';
}else {
echo "please supply your id and password";
}
?>

thanks in advance..

  • 5 Contributors
  • 10 Replies
  • 131 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by nav33n
Member Avatar for Suhacini

What is the error you are getting?

Member Avatar for servis

the error is "Sorry, wrong user id / password".

Member Avatar for Suhacini

Try this:

include("session.php");

$userId   = $_POST['userid'];
$password = $_POST['userpassword'];


$sql = "SELECT user_id,user_password 
FROM tbl_auth_user WHERE user_id = '$userId' AND user_password = '$password'";


$res=mysql_query($str);

if(mysql_num_rows($res)!=0)
{
  $_SESSION['userId']=$userId;
  header("location:nextpage.php");
}

else
 header("location:login.php");
?>

and session.php is

<?php

session_start();

if($_SESSION['userId']=='')
  header("Location:login.php");
?>
Member Avatar for servis

thanks Suhacini for your valueable help, but the script provided by you is not working, i tried in every aspect.

Member Avatar for Suhacini

Is it so..But it is working for me.what is the error message your getting?

Member Avatar for servis

the browser is not opening it....

Member Avatar for Suhacini

Hey its working I have checked it once again.check these once $_POST the userid here must be the textbox name, and user_id must be same as the field name in your table.

Member Avatar for hivenk

write the query like this

$sql = "SELECT user_id,user_password 
	        FROM tbl_auth_user
	WHERE user_id = '".$userId."' AND user_password = PASSWORD('".$password."')";
Member Avatar for Ole Raptor

Suhacini's code looks good but a small typo i think

$res=mysql_query($str);

change to:

$res=mysql_query($sql);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.