Home/ Questions/Q 8038493
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T03:15:18+00:00

EDIT: ASSIGNMENT WORK. Please don’t mention External Libraries or complicated procedures that deal with

  • 0

EDIT: ASSIGNMENT WORK. Please don’t mention External Libraries or complicated procedures that deal with security issues.

I want to implement a very basic login page that compares the users username and password with ones stored in a database (using MySql) and then redirect to another webpage that is only available to logged in users. I have looked at these two tutorials:

http://frozenade.wordpress.com/2007/11/24/how-to-create-login-page-in-php-and-mysql-with-session/

http://www.phpro.org/tutorials/Basic-Login-Authentication-with-PHP-and-MySQL.html

and I’ve attempted to use both techniques. The second one kept giving me server errors, and the first one gives me the login page, and doesn’t return any errors, but then when pressing the submit button, it just doesn’t do anything. I’ve followed it practically word for word, only changing the file names and some database column names to fit with my pre-existing stuff, but to no avail. This login page has given me an almighty headache and I would really like to get this out of the way and done with now.

LOGIN PAGE

<?php
// Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
    header('Location: RecordEvents.php');
}
?>

… skip all the unnecessary parts

<h1>Login</h1>
<?php
    if(!empty($errorMessage)) 
    {
        echo("<p>There was a problem with your login:</p>\n");
        echo("<ul>" . $errorMessage . "</ul>\n");
    } 
?>
<form action="loginscript.php" method="post">
Username:
<input type="text" name="username" /> </br>
Password:
<input type="password" name="password" /> </br>
<p>
    <!--the submit button with an altered value. once selected the validation script will run-->
    <input type="submit" name="login" value="Allons-y!" />
</p>

</form>

CONFIG.INC (I tried at first naming the file .php but that made no difference.)

<?php

$hostname = 'localhost';
$dbname   = 'clubresults';
$username = 'newuser';
$password = 'password';

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed,     perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');

?>

LOGINSCRIPT.PHP

<?php

// Inialize session
session_start();

// Include database connection settings
include('Inlcude\config.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM admin_passwords WHERE (Username = '" .     mysql_real_escape_string($_POST['username']) . "') and (Password = '" .     mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: RecordEvents.php');
}
else {
// Jump to login page
header('Location: Login.php');
}

?>

RECORDEVENTS.PHP

<?php  
// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
    header('Location: Login.php');
}
Include ('Include\eventscript.php'); 
?>

… blah blah

<?php
    if(!empty($errorMessage)) 
    {
        echo("<p>There was an error with your form:</p>\n");
        echo("<ul>" . $errorMessage . "</ul>\n");
    } 
?>
<form action="RecordEvents.php" method="post">
Name: <input type="text" name="EventName" value="<?php print $varEventname;?>" />   </br>
Date: <input type="text" name="EventDate" placeholder="yyyy-mm-dd hh:mm:ss" value="<?php print $varEventdate;?>" /> </br>
Location: <input type="text" name="Location" value="<?php print $varLocation;?>" /> </br>
<p>
    <!--the submit button with an altered value. once selected the validation script will run-->
    <input type="submit" name="formSubmit" value="Allons-y!" />
    <!--the reset button to empty the form and start again-->
    <input type="reset" name="formReset" value="Try Again" />
</p>
</form>

the db is called clubresults, the table i’m using is admin_passwords and the column names are: Username, Password.

Can anyone spot the error I am obviously making?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Check your spelling.

    include('Inlcude\config.inc');

    Please see this.

    $login = mysql_query("SELECT * FROM admin_passwords WHERE username = '" .mysql_real_escape_string($_POST['username']) . "' and password = '" .mysql_real_escape_string($_POST['password']) . "'");

    I removed the md5() function.

    http://php.net/manual/en/function.md5.php

    This is what really happens when there is an md5 in your query.
    Lets say that you input the ff.

    username = username
    password = password

    Your query will be like this, with md5() in your $_POST[‘password’].

    SELECT * FROM admin_passwords WHERE username = 'username' and password = '5f4dcc3b5aa765d61d8327deb882cf99'

    Please see the link above for more info!

    • 0