Member Avatar for davy_yg

Hello, I wonder what's the different between online and offline. This script works offline, after I have it online, there are some problems occur. For instance, after login to the admin with the correct username and password, I suppose to be taken to the admin page, instead I get stucked at 1. (echo $count).

Last time, I had mixed up slash "/" and backslash "\"

slash works offline (in windows) then after upload it online the web hosting customer support said it suppose to be backslash (in linux).

This time, I wonder why the script stuck at 1.

proses.php

<?php

$servername = "localhost";
$username = "root";
$password = "";
$database = "rustoleum";

mysql_connect($servername, $username, $password) or die("Not connected");
mysql_select_db($database) or die("Not connected to the database");


/* the files */

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$encrypted_password = md5($password);

$sql=("SELECT * FROM user WHERE username='$username' and password='$encrypted_password'") or die(mysql_query);
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

echo $count; 
echo "lanjut";
// If result matched $username and $password, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("password");
header("location:admin.php");
}
else {
echo "Wrong Username or Password";
}
?>
  • 2 Contributors
  • 3 Replies
  • 133 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by davy_yg
Member Avatar for R0bb0b

K, a few things here:
first, If you have purchased a hosting account from a company, I doubt that your username is going to "root" and your servername is going to be localhost.

second: this line doesn't make sense:

$sql=("SELECT * FROM user WHERE username='$username' and password='$encrypted_password'") or die(mysql_query);

and should be:

$sql="SELECT * FROM user WHERE username='$username' and password='$encrypted_password'";

I have not seen this in a long time, it is depricated and now completely removed in 5.4:

session_register("password");

The correct way to work with sessions nowdays is to modify the super global directly with

$_SESSION['varname'] = "value";

So make those changes, confirm with your hosting company the username and hostname that you are suppose to be using and try again.

Member Avatar for davy_yg

ok I revise some things:

$sql = "SELECT * FROM user WHERE username='$username' and password='$encrypted_password'" or die(mysql_query);
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

echo $count; 
// If result matched $username and $password, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
// session_register("username");
// session_register("password");

$_SESSION['username'] = $username;
$_SESSION['password'] = $encrypted_password;

header("location:admin.php");
}
else {
echo "Wrong Username or Password";
}

Still the result of the script is 1.

Member Avatar for davy_yg

I wonder why it doesn't take me to the next screen. I am sure there something wrong among this lines:

$_SESSION['username'] = $username;
$_SESSION['password'] = $encrypted_password;
header("location:admin.php");

Also, for offline I still have to use session_register() those codes won't work. I can't even login. Now, I can login offline with session_register() but not to my uploaded online web.

Edited by davy_yg
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.