I have written a login page but each time I login it returns a blank page even with a wrong password please help:
the login page is as follows:

</head>

<body>
	<div id="wrapper">
    	<form action="methods/login.php" method="post">
		<ul>
        	<li><label>Username:</label><input type="text" name="username" size="10" value="<?php echo htmlentities("$username"); ?>" /></li>
            <li><label>Password:</label><input type="password" name="password" size="10" value="<?php echo htmlentities("$password"); ?>" /></li>
            <li><input type="submit" name="login" value="Log In" /></li>
            <li><input type="submit" name="join" value="Join" />
        </ul>
        </form>
      </div>
</body>
</html>

and the php login script is

<?php
	/**
	** handles the login feature of the sote 
	** check username and password with variables in the database
	*/
		require_once("../includes/ikobe.php");
		
		if (isset($_POST['username']) &&isset($_POST['password']))
		{
			$username = $_POST['username'];
			$password = $_POST['password'];
			
			$pass = sha1($password);
				
				if (!empty($username) &&!empty($password))
				{
					$query = "SELECT 'id' FROM 'users' WHERE username= '$username' AND password='$pass'";
					
					if ($query_run = mysql_query($query))
					{
						$query_num_row = mysql_num_rows($query_run);
						
							if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}
						
					}
				}
				else
				{
					echo 'You must supply a username and password.';
				}
		}
		
		

?>

any help will be greatly appreciated

Instead of

if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}

TRY

if($query_num_row == 0)
{
 echo "Invalid username/ password combination";                                    
die();
}

echo "ok.";
Member Avatar for diafol

You haven't got any error msg for when post vars not set. ANyway - are the connection details included somewhere?

You haven't got any error msg for when post vars not set. ANyway - are the connection details included somewhere?

I think the error is that he only settled with only 0 or 1 of returned value of the database.

You can try:

$username = $_POST['username'];
$password = $_POST['password'];
var_dump($username,$password ); // If tha it is ok continue dumping...
//...
var_dump(mysql_query($query)); // see what it returns on correct incorrect and empty
var_dump( mysql_num_rows($query_run));
if ($query_run = mysql_query($query))
//....

You should try more debugging first before you post question.

i have rewrite your code and made it little simple for by using JQ.I have use while loop in the php code for getting the username and password from the DB.

<?php
  //  require_once("../includes/ikobe.php");
     
    if (isset($_POST['username']) &&isset($_POST['password']))
    {
		$con = mysql_connect("localhost","root","");
        $db_selected = mysql_select_db("check", $con);
     
	 $username = $_POST['username'];
     $password = $_POST['password'];
     
  //  $pass = sha1($password);
     
    if (!empty($username) &&!empty($password))
    {
    $query = "SELECT `id`,`username`, `password` FROM `testing` WHERE `username` = '$username' AND `password` ='$password'";
     $result=mysql_query($query);
	 
	 while($check = mysql_fetch_array($result))
	 {
    $USER = $check['username'];
	 $PASS = $check['password'];
	 }
	 
	 if($_POST['username']==$USER && $_POST['password']==$PASS)
	 {
header("location: test.php");// rewrite the page into header where you want to redirect after  
// login  into 
	 }}
	 }
    ?>
    
<html>
<head>

<script src="js/jquery.js"></script>

<script>
$(document).ready(function(){
						   
	    $("#submit").click(function(){
		
		var check1 = $("#username").val();
		var check2 = $("#password").val();
		var username1 ="username";  // username is same as username name from DB
		var password2 ="password"; // password is same as username name from DB
		
		if(check1 != username1)
		{
		alert("Username not valid");
		}
	
	    if(check2 != password2 )
		{
	    alert("password not valid");
	    }
	});					   
});

</script>

    </head> 
    <body>
    
    <div id="wrapper">
    <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <ul>
    <li><label>Username:</label><input type="text" name="username" id="username" size="10" value="<?php echo htmlentities("$username"); ?>" /></li>
    <li><label>Password:</label><input type="password" name="password"  id="password" size="10" value="<?php echo htmlentities("$password"); ?>" /></li>
    <li><input type="submit" name="login" id="submit" value="Log In" /></li>
    <li><input type="submit" name="join" value="Join" /></li>
    </ul>
    </form>
    </div>
    
    </body>
    </html>

if you have any Question can ask me

I have changed afew parts and added the var_dump feature. It displays the input characters but even with a wrong password still returns a blank pagebut displays the values entered via the var_dump. If no values are entered the if returns enter username or password.
cant work why it displays the blank page?

-<?php
	/**
	** handles the login feature of the sote 
	** check username and password with variables in the database
	*/
		
		require_once("../includes/ikobe.php");
		
		if (isset($_POST['username']) &&isset($_POST['password']))
		{
			$username = $_POST['username'];
			$password = $_POST['password'];
			var_dump($username,$password);
		
			$pass = sha1($password);
				
				 
				
				if (!empty($username) &&!empty($password))
				{
					$query = "SELECT 'id' FROM 'users' WHERE username= '$username' AND password= '$pass'";
														
					if ($query_run = mysql_query($query))
					{
						$query_num_row = mysql_num_rows($query_run);
						
							if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
								die();
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}
						
					}
				}
				else
				{
					echo 'You must supply a username and password.';
				}
		}
		
		
 
?>

if I enter the connection script it still displays a blank page?

Your query is using the wrong quotes.

$query = "SELECT `id` FROM `users` WHERE username= '$username' AND password= '$pass'";
commented: yes... correct solution. +6

where is the login forms html part??

try with the code

# the name of the submit button??
if(isset($_REQUEST['submit_button_name'])){
  // Rest Code here..
  $username = $_POST['username'];
			$password = $_POST['password'];
			var_dump($username,$password);
		
			$pass = sha1($password);
				
				 
				
				if (!empty($username) &&!empty($password))
				{
					$query = "SELECT 'id' FROM 'users' WHERE username= '$username' AND password= '$pass'";
														
					if ($query_run = mysql_query($query))
					{
						$query_num_row = mysql_num_rows($query_run);
						
							if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
								die();
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}
						
					}
				}
				else
				{
					echo 'You must supply a username and password.';
				}
}

Sorry for the last one try this

# the name of the submit button??
if(isset($_REQUEST['submit_button_name'])){
  // Rest Code here..
  $username = $_POST['username'];
			$password = $_POST['password'];
			var_dump($username,$password);
		
			$pass = sha1($password);
				
				 
				
				if (!empty($username) &&!empty($password))
				{
					$query = "SELECT id FROM users WHERE username= '$username' AND password= '$pass'";
														
					if ($query_run = mysql_query($query))
					{
						$query_num_row = mysql_num_rows($query_run);
						
							if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
								die();
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}
						
					}
				}
				else
				{
					echo 'You must supply a username and password.';
				}
}

Sorry for the last one try this

You can change your own posts within 30 minutes, by using the [Edit] button on the left.

You can change your own posts within 30 minutes, by using the [Edit] button on the left.

@pritaeas I am sorry but i didn't knew this feature to edit the own post with in 30 minutes. Thank you to tell me Sir...

I have changed afew parts and added the var_dump feature. It displays the input characters but even with a wrong password still returns a blank pagebut displays the values entered via the var_dump. If no values are entered the if returns enter username or password.
cant work why it displays the blank page?

-<?php
	/**
	** handles the login feature of the sote 
	** check username and password with variables in the database
	*/
		
		require_once("../includes/ikobe.php");
		
		if (isset($_POST['username']) &&isset($_POST['password']))
		{
			$username = $_POST['username'];
			$password = $_POST['password'];
			var_dump($username,$password);
		
			$pass = sha1($password);
				
				 
				
				if (!empty($username) &&!empty($password))
				{
					$query = "SELECT 'id' FROM 'users' WHERE username= '$username' AND password= '$pass'";
														
					if ($query_run = mysql_query($query))
					{
						$query_num_row = mysql_num_rows($query_run);
						
							if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
								die();
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}
						
					}
				}
				else
				{
					echo 'You must supply a username and password.';
				}
		}
		
		
 
?>

if I enter the connection script it still displays a blank page?

I told you that this is the problem.

if ($query_num_row==0)
							{
								echo 'Invalid username / password combination';
								die();
							}
							else if ($query_num_row==1)
							{
								echo 'ok.';
							}

You were using Else if. That means there is another value that doesn't satisfy the condition of 1 and 0

As pritaeas suggest, Your quotes in the query are the problem. so replace ' with ` in the field name and table name like this.

$query = "SELECT `id` FROM `users` WHERE username= '$username' AND password= '$pass'";

Thanks Priteas I did not know of the different ` and ' commas. But am still getting the same result have tried not using the commas but the page returns a blank page.
any ideas because the logic seems right.
thanks for the input.

this line of code is totally incorrect and fails every time, but there is no else statement alerting you to this fact. it must be changed.

if ($query_run = mysql_query($sql)) {

I've added in some db connection code but you should be able to follow along, there are some echos as well just so you can see what is happening.
this is tested sha1 as password users table with id,username,password fields

define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASS','');
define('DB_BASE','test');	
if (isset($_POST['login'])) {
	if (isset($_POST['username']) &&isset($_POST['password'])) {
		$username = $_POST['username'];
		$password = $_POST['password'];
	 
		$pass = sha1($password);
		echo "process username = " . $username . "<br />";
		echo "process pass = " . $password . "<br />";
		echo "process sha = " . $pass . "<br />";
		if (!empty($username) &&!empty($password)) {
			
			$dblink = null;
			try	{
				$dblink = mysql_connect(DB_HOST,DB_USER,DB_PASS);
				mysql_select_db(DB_BASE,$dblink);
			} catch(Exception $ex) {
				echo "Could not connect to " . DB_HOST . ":" . DB_BASE . "\n";
				echo "Error: " . $ex->message;
				exit;
			}			// changed query from id to *... you can change back to id if that is all you want.
			$sql = "SELECT * FROM `users` WHERE username= '$username' AND password='$pass'";
			$retid = mysql_query($sql,$dblink) or die(mysql_error());
			if (!$retid) { 
				echo( mysql_error()); 
			} else {
				echo "retid = ok!!!!!<br>";
			}
			if ($row = mysql_fetch_array($retid)) {	
				$thisid = $row['id'];
				$thisuser = $row['username'];
				$thispass = $row['password'];
				echo "found id = " . $thisid . "<BR>";
				echo "found thisuser = " . $thisuser . "<br>";
				echo "found pass = " . $thispass . "<BR>";
			}
		
			if(is_resource($dblink)) {		
				mysql_close($dblink);
			}			
			//if ($query_run = mysql_query($sql)) {
			if ($retid) { 
				$query_num_row = mysql_num_rows($retid);
				echo "query num row = " . $query_num_row . "<BR>";
				if ($query_num_row==0) {
					echo 'Invalid username / password combination';
				} else if ($query_num_row==1) {
					echo 'ok.';
				} 
			} else { 
				echo "QUERY RUN WAS FALSE, unexpected result!!!";
				//  this was returning every time on the query_run = mysql... line above, which would never pass that line
			}
		} else {
			echo 'You must supply a username and password.';
		}
	}
}

Thanks alot to you all I can now continue to develop the next step add user levels for various categories. The code is running without any logic errors and login in properly. Greatly appreciate the help.

Mark this thread as solved if your problem solved.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.