Login script question

Question

shapeape 0 Newbie Poster

11 Years Ago

Hi again,

My login script seemed to be up and running. I was almost ready to crack open a bottle of vin-de-rouge to celebrate as it's a little milestone for me. However, it appears to have abruptly stopped functioning and I'm yet to determine the cause of this. Could I ask for a script-check over to see if there is anything apparent to whats going on - username and password fields are filled but it submitting the form causes the page to reload. None of the checks are flagged (username/password wrong for instance)

Thanks

 <?php

$con=mysqli_connect("x","x","x","x");//Would you believe I spent hours trying
//to get this to work properly from a method OOP style. Instantising references,
//pseudo variables etc. In the end it proved much more tricky than I thought.



if(isset($_POST['submit'])){

$user=$_POST['user']; 
$password=$_POST['password'];

//To ensure that none of the fields are blank when submitting the form if
if(isset($_POST['user']) && isset($_POST['password'])) 
    {    

        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = mysqli_real_escape_string($con, $user);
        $password = mysqli_real_escape_string($con, $password);

        //SQL Injection Ahoy! I know...but future versions aim to be robust!

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";
$result=mysqli_query($con, $sql);

$row=mysqli_fetch_array($result);

if($row[0]==1)
{
    session_start();
    $_SESSION['user'] = $user;
    $_SESSION['password'] = $password;
    $_SESSION['loggedin'] = "true";
    header("location:index.php");
}
        else
        {
            print ('<div id="error">Acess denied, wrong username or password?</div>');
        }
        }
        else
            {
            print ('<div id="error">Enter something!</div>');
        }

}

    ?>





 <form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'];?>">
  <legend>Login </legend> 
  <p>Please enter your username and password to access the administrator's panel</p>

   <label for="user"> <input type="text" name="user" placeholder="Type your username here" id="user" /></label> 
   <label for="password"> <input type="password" name="password" placeholder="Type your password here" id="password" /></label>
   <label for="submit"> <input type="submit" class="btn btn-primary"name="submit" id="submit" value="Login" /> </label> </fieldset> </form>

Just a thought. Could the issue be due to "LIMIT 1" on the SQL query. Or could my session be messed up somehow?

php

4 Contributors
7 Replies
241 Views
9 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by shapeape

phorce 131 Posting Whiz in Training

11 Years Ago

Hello,

There are a few problems within your code but, this stands out for me:

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";

Do you really need the LIMIT 1 here? I wouldn't say so, because, this SQL statement can only really return one row if you have set up your database correctly.. (I.e. primary keys.. Assuming that only ONE user can have that one USERNAME once). I would do this:

`$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}'";

And a suggestion:

$result=mysqli_query($con, $sql) or die("Blah blah");

Hope this helps you a bit :)

As someone else mentioned on your other thread, try to use the OO mysqli.

JorgeM 958 Problem Solver

11 Years Ago

... but it submitting the form causes the page to reload....

The same page is loading because your form's action attribute is specifying that the target page is itself.

 action="<?php $_SERVER['PHP_SELF'];?>"

Reference --> http://php.net/manual/en/reserved.variables.server.php

Edited 11 Years Ago by JorgeM

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

shapeape 0 Newbie Poster · Answer 1 · 2013-07-27T23:12:31+00:00

Thanks for the help....

Still no luck though, entering in the correct username and password makes the page reset the fields. I'm really lost here...

shapeape 0 Newbie Poster · Answer 2 · 2013-07-27T23:21:22+00:00

Wait. Seems to be something to do with this code I put on the page it redirects to :

     if(!isset($_SESSION["loggedIn"])){ //Kick you back to login if your not logged in
                header("Location: login.php");
                exit;
            }

Any thoughts?

shapeape 0 Newbie Poster · Answer 3 · 2013-07-27T23:37:30+00:00

shapeape 0 Newbie Poster

11 Years Ago

NM, I figured it out :)

TomH.PG 1 Newbie Poster · Answer 4 · 2013-07-28T02:25:39+00:00

for reference, the submit input element appears to have a missing whitespace character before the name attribute. This would cause your submitted form to not have $_POST['submit'] which would explain the reload. If that is not what you fixed, let us know :)

shapeape 0 Newbie Poster · Answer 5 · 2013-07-28T08:17:49+00:00

It was isset($_SESSION["loggedIn"])){

VS

 if(!isset($_SESSION["loggedin"])){ // DOH