Login form

Question

phphp 14 Junior Poster in Training

8 Years Ago

Sir, please help me to locate the error, if user not found or wrong user name password etc then all codes work fine but when I enter correct user name and password then no result.

<?php
session_start();
require_once("includes/connect.php");
require_once("includes/functions.php");
if(isset($_POST['login']))
{   
    $muser=clean($_POST['username']); 
    $mpass=clean($_POST['password']); 
    if(empty($muser))
    {
        echo ('<script type="text/javascript">alert("User name must not be empty")</script>');
    }
    elseif (empty($mpass))
    {
        echo ('<script>alert("Password must not be empty")</script>');
    }
    else
    {
        $query1="SELECT * FROM admin where user ='". $muser ."' ";
        $result1=mysqli_query($con,$query1)or die ("Error". mysqli_error($con)) ;  
        $count1=mysqli_num_rows($result1); 
        if($count1==0)
        {
            echo ('<script>alert("User not found")</script>');
        }
        else
        {
            $query="SELECT * FROM admin where user ='".$muser."' and pass='".$mpass."'";
            echo 'Query='. $query;
            $result=mysqli_query($con,$query)or die ("Error". mysqli_error($con)) ;  
            $row=mysqli_fetch_array($result);
            $count=mysqli_num_rows($result); 
            if($count==0)
            {
                echo '<script>alert("Password is invalid")</script>';
            }
            else
            {
                echo '<script>alert("Password matched")</script>';
                header("location: index.php");
                $_SESSION['id'] = $row['id'];
                $_SESSION['user'] = $myusername;
                $_SESSION["startTime"] = date("r"); 
            }
        }
    }
}
?>

php

4 Contributors
4 Replies
343 Views
1 Day Discussion Span
Latest Post 8 Years Ago Latest Post by PsychicTide

Zagga

8 Years Ago

Do you get shown one of your alert messages when entering a correct username and password or does it not show any of the alerts?

You are trying to set $_SESSION variables (lines 41-43) after you redirect the user to index.php (line 40).

Also, it's not a good idea to tell the user which part of their login attempt failed. If a mallicious user gets a message saying the password is incorrect, then they know the username they tried is correct and they now only have to guess the password. It would be better to just run the last query you have and if there are no matches show a generic message like "username / password combination invalid".

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

PsychicTide 42 Junior Poster · Answer 1 · 2016-05-31T23:36:11+00:00

Is index.php located in the same folder? Have you tried to simply echo instead of setting session vars and redirecting? Have you tried absolute or explicit relative URLs to rule out domain/scope issues (e.g. http://www.whatever.com/admin/index.php or ./index.php instead of index.php)? Are there any console errors or flags in network queries (F12)?

Looked interesting...

Per RFC 3986, under Section 4.2 or appendix A:
.
URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
.
where hier-part can be "//" for authority path-abempty, "/" path-absolute, path-rootless or path-empty.
.
If you think about it, when you use "http://", the "//" denotes the root of the available path. That's why different protocol > schemes don't need it like Skype. It uses "skype:echo123?call" which will call the user "echo123". No "//" needed since there is no "root".
.
So yes, it's valid. But since that exact usage is a little off the normal pattern setup in today's browsers, your milage may vary. It does work in IE9.
.
--- Stack overflow response (Steven V)

hielo 65 Veteran Poster · Answer 2 · 2016-06-01T15:31:00+00:00

If you are going to use header('Location: ...'), you cannot use echo. So your else clause should be:

            ...
            else
            {
                $_SESSION['id'] = $row['id'];
                $_SESSION['user'] = $myusername;
                $_SESSION["startTime"] = date("r");

                //you call header AFTER you have set your session variables.
                header("Location: index.php");
                exit;
            }

PsychicTide 42 Junior Poster · Answer 3 · 2016-06-01T22:02:40+00:00

The difference between programmer thinking and computer scientist thinking is evident :)