Hi I am quite new to PHP. All of today I have been working on a PHP user login script. I got it working fine, then I added some HTML to make it look better. The page shows up, but when i write my username and password in it just refreshes the screen. Can anyone help me. The code should be below. If you need the whole project, say.

<?php
include("conf.inc.php"); // Includes the db and form info.
session_start(); // Starts the session.
if ($_SESSION['logged'] == 1) { // User is already logged in.
	header("Location: index.php"); // Goes to main page.
	exit(); // Stops the rest of the script.
} else {
	if (!isset($_POST['submit'])) { // The form has not been submitted.
	echo "<html><body bgcolor='#f1f1f1' text='#000000' link='#33cc00'>
<table align='center' width='40%'>
<br><br><td><font face=\"arial\" size=\"2\">Log in</font></td>
</table>
<table align='center' width='40%' bgcolor='#FFFFFF' style='borger-color:#999999;border-style:solid;border-width:1px'>
<tr>
<td>
<br>
<center>
<form action=\"login.php\" method=\"POST\">";
echo "
<input name=\"username\" type=\"text\" size=\"25\" /><br>
<input name=\"password\" type=\"password\" size=\"25\" /><br>
<input type=\"submit\" value=\"Submit\" />
</form>
<br></font>

</center>
</td>
</tr>

</table>
</body>
</html>
";


	} else {
		$username = form($_POST['username']);
		$password = md5($_POST['password']); // Encrypts the password.
 
		$q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query
		$r = mysql_num_rows($q); // Checks to see if anything is in the db.
 
		if ($r == 1) { // There is something in the db. The username/password match up.
			$_SESSION['logged'] = 1; // Sets the session.
			header("Location: index.php"); // Goes to main page.
			exit(); // Stops the rest of the script.
		} else { // Invalid username/password.
			exit("Incorrect username/password!"); // Stops the script with an error message.
		}
	}
}
mysql_close($db_connect); // Closes the connection.
?>

Here is the working code.

<?php
include("conf.inc.php"); // Includes the db and form info.
session_start(); // Starts the session.
if ($_SESSION['logged'] == 1) { // User is already logged in.
	header("Location: index.php"); // Goes to main page.
	exit(); // Stops the rest of the script.
} else {
	if (!isset($_POST['submit'])) { // The form has not been submitted.
		echo "<form action=\"login.php\" method=\"POST\">";
		echo "<table>";
		echo "<tr>";
		echo "<td colspan=\"2\">Login:</td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />";
		echo "</tr>";
		echo "<tr>";
		echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"submit\"</td>";
		echo "</tr>";
		echo "</table>";
		echo "</form>";
	} else {
		$username = form($_POST['username']);
		$password = md5($_POST['password']); // Encrypts the password.
 
		$q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query
		$r = mysql_num_rows($q); // Checks to see if anything is in the db.
 
		if ($r == 1) { // There is something in the db. The username/password match up.
			$_SESSION['logged'] = 1; // Sets the session.
			header("Location: index.php"); // Goes to main page.
			exit(); // Stops the rest of the script.
		} else { // Invalid username/password.
			exit("Incorrect username/password!"); // Stops the script with an error message.
		}
	}
}
mysql_close($db_connect); // Closes the connection.
?>

Sorry, it is quite messy :)

you need to have your trailing slashes on all " and '

You need to debug the code to see why it is doing what it is doing. When I started in computers they filled a good size room and computer time was so valuable that you had to desk check your code for problems because there was no other option. I think that we are well past that. That is not to say that you shouldn't have a look for an obvious problem but if it isn't obvious then you can let the machine help you. If you are going to be a (PHP) programmer then you need to develop a debugging approach and you will probably want to get a debugging tool to help you. I built my own but there are open source debugging tools that you can get.

So back to your problem! For starters, you have a version of your form in both modules. The first thing that I would want to know (if I were you) is which module am I in when the screen "refreshes". It is re-displaying your form but which version is getting displayed. If you are in the Login module and it just keeps re-displaying the form when you click on the Submit button then your IF statement isn't working the way you expected. In that case, i'd want to see what the actual data value is. That can be as simple as echo'ing the value to see if it what you expected. You just keep narrowing it down until the problem is obvious or until you see that the data isn't what you expected but you can't figure out why. That might be the point at which it would make sense to post something and ask for help.

Someone else may look at your code and pick out the problem for you but that doesn't change the fact that dumping a bunch of code without going through some debugging steps on your own isn't the right way to go.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.