Member Avatar for zelrick

Hello DaniWeb Users;

I'm not a good coder here please hold on me,

My machine is linux ubuntu 14.04 and I install apache2 also the php5.

I was trying to create a simple log in page here (no registration thing)

So in mysql I just create 3 fields (user_id, username, password)

This is my connection script called dbconnect.php

<?php
$servername = "localhost";
$username = "root";
$password = "pagasa";

// Create connection
$conn = new mysql($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>

and this is my log in script called login.php

<?php
        ob_start();
        session_start();
        require_once 'dbconnect.php';

        if ( isset($_SESSION['user'])!="" ) {
                header("Location: home.php");
                exit;
        }

        if ( isset($_POST['btn-login']) ) {

                $uname = $_POST['username'];
                $upass = $_POST['password'];

                $uname = strip_tags(trim($uname)));
                $upass = strip_tags(trim($upass)));

                $password = hash('pagasa', $upass);

                $res=mysql_query("SELECT password FROM user WHERE username='$uname'");

                $row=mysql_fetch_array($res);

                $count = mysql_num_rows($res);

                if ( $count == 1 && $row['password']==$password ) {
                        $_SESSION['user'] = $row['user_id'];
                        header("Location: home.php");
                } else {
                        $errMSG = "Not valid, Please Try again..!";
                }
        }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html"; charset=utf-8 />
<title>Login Page</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />

</head>

<body>

        <div class="container">

        <div id="login-form">
                <form method="post" autocomplete="off">

                <div class="col-md-12">

                        <div class="form-group">
                                <h2 class="">Sign In.</h2>
                        </div>

                        <div class="form-group">
                                <hr />
                        </div>

                <?php
                        if ( isset ( $errMSG ) ) {

                ?>

                <div class="form-group">
                        <div class="alert alert-danger">
                <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
                        </div>
                </div>

                <?php

                }

                ?>

                <div class="form-group">
                        <div class="input-group">
                                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
                                <input type="text" name="username" class="form-control" placeholder="Your Username" required />
                </div>
                </div>

                <div class="form-group">
                        <div class="input-group">
                                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
                                <input type="password" name="password" class="form-control" placeholder="Your Password" required />
                        </div>
                </div>

                <div class="form-group">
                        <hr />
                </div>

                <div class="form-group">
                        <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
                </div>

                <!--This will be add if Registration will be implement
                <div class="form-group">
                        <a href="register.php">Sign Up..</a>
                </div>
                -->

                </div>
        </form>
        </div>

</div>

</body>

</html>

So I just created a simple homepage called home.php

<?php
        ob_start();
        session_start();
        require_once 'dbconnect.php';

        if ( !isset ( $_SESSION['user'] ) ) {
                header("Location: index.php");
                exit;
        }

        $res=mysql_query("SELECT * FROM user WHERE user_id=".$_SESSION['user']);
        $userRow=mysql_fetch_array($res);
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html"; charset=utf-8" />
<title>Welcome to Test Homepage - Mr/Mrs. <?php echo $userRow['username']; ?> </title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>

Test Only

</body>
</html>

Afterwards I run my browser (firefox) localhost/Test/

And click the login.php and gives me a blank page.

I can't see my error here is it in my script or do I miss anything here?

I do run .html file extensions and yes I can run it successfully.

But not on .php file extensions.

Please help to find what could be the problem and please review my code/script coz I'm not good in programming.

Thank you and God Bless.

  • 2 Contributors
  • 11 Replies
  • 703 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by cereal
Member Avatar for cereal

Hi,

in the dbconnect.php file you have this line:

$conn = new mysql($servername, $username, $password);

which is wrong. In PHP there are three APIs that you can use: mysql, mysqli and PDO. The first is deprecated in PHP 5.* and removed from the latest version (7). I think here you want to use new mysqli() info here.

In the other files you are not using anymore the connection created by the dbconnect.php file, instead you're using the functions of the deprecated API: mysql_query() and so on. You have to convert your script to mysqli or PDO.

Read: http://php.net/manual/en/mysqlinfo.api.choosing.php

And once you decided which to use between mysqli or PDO learn, first of all, to use prepared statements:

don't ignore this practice, it will help you to write safer scripts.

Member Avatar for zelrick

Hello Sir Cereal,

I remove mysql to get the mysqli and also my php5 to get php7.. I even change my apache2 to nginx and I think I mess up in removing this items.

When I was trying to undo what I done everything has been not working lol

So I erase my work and recreate my ubuntu.

Can you give me what I need to install software to make this work please.

Thank you and God Bless

Member Avatar for cereal

When I was trying to undo what I done everything has been not working lol

it happens :) that's a good reason to use virtual machines, so the base system is not altered by changes.

Anyway, if yours is a development box, you have PHP >= 5.4 and you don't have to test specific web server modules, then you can use the PHP built-in server, open a terminal and run:

php -S localhost:8000 -t /var/www/website001/

then you can access the website by browsing on http://localhost:8000/index.php

The -t feature, used to define the docroot, is optional, you can just browse to the website directory (eg cd /path/) and start the server:

php -S localhost:8000

If you want to start another concurrent server just change the port and go on. Important:

The web server runs a only one single-threaded process, so PHP applications will stall if a request is blocked.

In other words, sometimes it just crashes, so you have to kill the process. For more information use man php or php -h and read the online documentation:

If, instead, you still want to use NGINX then you have to install PHP-FPM (see apt-cache show php5-fpm) and configure the server to forward the scripts to the PHP daemon. Start from here:

Member Avatar for zelrick

Hello Sir Cereal,

I done install php5 and mysql aswell the apache2..

I'm back from nowhere again.

I follow some youtube simple login using html as the front end and php as the backend...

login.html

<html>
<head>
<title>Account Login</title>
</head>
<body>

<form name="Login-Form" id="login-form" method="post" action="login.php">
        <fieldset>
        <legend>NMS Products Access</legend>
        <dl>
                <dt>
                        <label title="username">Username:
                        <input tabindex="1" accesskey="u" name="uname" type="text" maxlength="255" id="username" />
                        </label>
                </dt>
        </dl>

        <dl>
                <dt>
                        <label title="password">Password:
                        <input tabindex="2" accesskey="p" name="pwd" type="password" maxlength="255" id="password" />
                        </label>
                </dt>
        </dl>
<dl>
                <dt>
                        <label title="submit">
                        <input tabindex="3" accesskey="s" type="submit" name="cmdlogin" value="Login" />
                        </label>
                </dt>
        </dl>

        </fieldset>
</form>
</body>
</html>

and login.php

?php

$host="localhost";

$username="root";

$password="pagasa";

$db_name="nms";

$tbl_name = "users";

$conn = mysqli_connect("$username","$password")or die("Cannot Connect!");

mysqli_select_db("$db_name")or die("Cannot Select DataBase");

$myusername=$_POST['uname'];

$mypassword=$_POST['pwd'[;

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysqli_real_escape_string($myusername);

$password = mysqli_real_escape_string($mypassword);

$sql="select * from $tbl_name where pwd='$mypassword' and name='$myusername'";

$result=mysqli_query($sql,$conn);

$conn=mysqli_num_rows($result);

if ($count == 1)
{
        echo "***Login Successfully***";
}

else

{
        echo "***Authentication Failure***";
}

?>

and still I come to a blank page after clicking the button.

But checking the info.php it appears.

I can't find the problem.

I didn't use the Nginx since I still use the php5.. and I use mysqli instead of mysql.. and I still use the apache2

but still not good. :((

Member Avatar for cereal

Is the Apache access log registering the requests? Are you accessing the form page from the server or through file:///?

There are some errors at lines 25, 27, 31 and 33 of the login.php file:

$myusername = mysqli_real_escape_string($myusername);
$password = mysqli_real_escape_string($mypassword);
$result = mysqli_query($sql,$conn);
$conn = mysqli_num_rows($result);

Add the connection parameter to the escape functions, reverse the parameters in the query function and, in the last line, change $conn with $count:

$myusername = mysqli_real_escape_string($conn, $myusername);
$password = mysqli_real_escape_string($conn, $mypassword);
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);

You should enable error reporting by adding this on top of your scripts:

error_reporting(E_ALL);

Docs to read:

Edited by cereal
Member Avatar for zelrick

Hello Sir Cereal,

I'm abit confuse about

Is the Apache access log registering the requests? Are you accessing the form page from the server or through file:///?

In my firefox browser, I type this.. localhost/portal/Test/login.html

I think I set my localhost as /var/www/html

Currently I change the lines that you have suggested.

<?php

error_reporting(E_ALL);

$host="localhost";

$username="root";

$password="pagasa";

$db_name="nms";

$tbl_name = "users";

$conn = mysqli_connect("$username","$password")or die("Cannot Connect!");

mysqli_select_db("$db_name")or die("Cannot Select DataBase");

$myusername=$_POST['uname'];

$mypassword=$_POST['pwd'[;

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysqli_real_escape_string($conn, $myusername);

$password = mysqli_real_escape_string($conn, $mypassword);

$sql="select * from $tbl_name where pwd='$mypassword' and name='$myusername'";

$result=mysqli_query($conn, $sql);

$count=mysqli_num_rows($result);

if ($count == 1)
{
        echo "***Login Successfully***";
}

else

{
        echo "***Authentication Failure***";
}

?>

and I just run "sudo service apache2 restart" just to be sure..

and yet still no output after filling up and clicking the login button still no output and give me a blank page.

and there is no error appear even I add "error_reporting(E_ALL);" in my login.php file.

By the way, my mysql database name is "nms" and the table name is "users"

Under "users" I just create 3 columns namingly as "userid" "username" and "password"

does any conflict happen with my mysql database to my code?

Member Avatar for cereal

Hi Zelrick,

line 21: $mypassword=$_POST['pwd'[; wrong closing bracket, fix that and the script seems fine, for me.

Have you tried to print something before the rest of the script executes? Put the following on the top of the script and send the request through the form:

die('date: ' . date('Y-m-d H:i:s'));

You should, at least, see the output of this line. If it does not work, repeat the same line under a new file, then request it directly from the browser (to test a GET request) and then point the form to the new file to test a POST request. If it's not the PHP configuration and the login.php file is not corrupted by some invisible character, then it could be Apache: POST requests can be disabled, but usually not in the default configuration.

In my firefox browser, I type this.. localhost/portal/Test/login.html
I think I set my localhost as /var/www/html

Apache, with the default configuration, uses two log files: one for the errors and one for the access requests. From there you can see if the form is submitted and how the server answers to the request.

You can find these files under /var/log/apache2/ or check the /etc/apache2/apache2.conf file to get the correct location.

The PHP log file is usually under /var/log/ too. See if it returns something useful.

From here I cannot do much more. For this reason too I suggested you to use the built-in server: at least you don't have to deal with web server configurations.

Member Avatar for zelrick

Hello Sir Cereal,

Terrific that line 21 cause of it and also

$myusername = mysqli_real_escape_string($conn, $myusername);
$password = mysqli_real_escape_string($conn, $mypassword);
$sql="select * from $tbl_name where pwd='$mypassword' and name='$myusername'";
$result=mysqli_query($conn, $sql);

the $conn for this :) and Thank you for letting me know the Error Log & Access Log.

I see the line 21 on the Error Log aswell.

But it seems it is not connecting with my database.

Before I add the date, the browser display "Cannot Select Database".

Which is on my line 19

mysqli_select_db("$db_name")or die("Cannot Select DataBase");

but doing "use nms;" in my mysql and do "select * from users;"

There is my database, what could be the cause? :((

But atleast the browser is not blank now lol

Edited by zelrick because: added content and edit some line
Member Avatar for cereal

the browser display "Cannot Select Database".

ok, it's the same issue: add the $conn parameter to the mysqli_select_db() function, see:

If you read the documentation carefully, you will see that the MySQLi extension supports procedural and object styles, depending on what you use, the number of parameters will change.

Member Avatar for zelrick

Hello Sir Cereal,

This is cool I got it, but I dunno if it really connects coz typing the right password the output still says

"Authentication failure" same when typing a wrong password.

PS: Sorry for the late reply got loads of projects :(

Member Avatar for cereal

Check the documentation of the connect function, you can fix it by yourself ;)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.