I created a simple login system using SQL.
It has 4 main components:
index – asks for username and pass
checklogin – checks for the credentials
logsuccess
homepage – landing page after successful login
The errors generated are given at the end of the post.
Index.php asks for username and pass
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Nottingham Uni</TITLE>
<script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script>
<script type="text/javascript" src="js/process.js"></script>
<link rel="stylesheet" type="text/css" href="style.css" />
</HEAD>
<BODY>
<center>
<div id="intro">
<p> </p>
<p><img align="absmiddle" src="images/nott-uni-logo.jpg"></p>
</div>
<div id="status">
<fieldset><legend align="center">Authentication</legend>
<div id="login_response"><!-- spanner --></div>
<form id="login" name="login" method="post" action="checklogin.php">
<table align="center" width="300" border="0">
<tr>
<td width="80">Username</td><td><input id="name" type="text" name="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td><input id="submit" type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
</fieldset>
</div>
</center>
</BODY>
</HTML>
checklogin.php checks for the credentials
<?php
$link = mysql_connect('www.xxxxx.com', 'xxxxxx', 'xxxxxx');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("brainoidultrafb", $link);
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM logintbl WHERE stu_email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
If it's a success it goes to homepage.php
logsuccess.php is below
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:homepage.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
This code gives the following errors:
Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29
Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29
Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 30
Warning: Cannot modify header information - headers already sent by (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 31
Instead of doing:
You can simply do:
And to check whether the username is set you can do:
Note that I have the session_start() function right above my checks / initialization. In your code you may want to add it at the top of your script to prevent the “Headers already sent by PHP” message.

Also, please don’t use mysql_* functions for new code. They are no longer maintained and the community has begun the deprecation process. See the red box? Instead you should learn about prepared statements and use either PDO or MySQLi. If you can’t decide, this article will help to choose. If you care to learn, here is a good PDO tutorial.

One last thing regarding your code. It looks like you do not properly hash the passwords, which is considered bad practice. If an attacker gets hold of your database you have some explaining to do to the people who are in the database (e.g. you have to tell them the attacker got all their passwords).
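
The changes recommended in the answer above, combined into one login check as an added example (not part of the original answer or the asker's code): $_SESSION in place of session_register(), a PDO prepared statement, and password_hash()/password_verify(). The function names check_login() and handle_login() are hypothetical, the password column is assumed to hold password_hash() output, and in-memory SQLite (pdo_sqlite extension) with one constructed row stands in for the MySQL database so the script runs offline.

```php
<?php
// Added example, not the original poster's code. logintbl, stu_email and
// password come from the question; storing password_hash() output in the
// password column is an assumption.
declare(strict_types=1);

function check_login(PDO $pdo, string $email, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM logintbl WHERE stu_email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    // Unknown users are checked against a dummy hash so both paths cost the same.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, is_string($hash) ? $hash : $dummy);
    return $ok && is_string($hash);
}

function handle_login(PDO $pdo, array $post): bool
{
    // Start the session before any output to avoid "headers already sent".
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $email = is_string($post['myusername'] ?? null) ? $post['myusername'] : '';
    $password = is_string($post['mypassword'] ?? null) ? $post['mypassword'] : '';
    if (!check_login($pdo, $email, $password)) {
        return false;
    }
    session_regenerate_id(true);        // new session ID once authenticated
    $_SESSION['myusername'] = $email;   // replaces session_register(); no password in the session
    return true;   // caller then sends header('Location: login_success.php') and exits
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logintbl (stu_email TEXT PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO logintbl VALUES (?, ?)')
    ->execute(['student@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

$unknown = handle_login($pdo, ['myusername' => "o'brien@example.com", 'mypassword' => 'x']);
$valid = handle_login($pdo, ['myusername' => 'student@example.com', 'mypassword' => 'correct horse']);
var_dump($unknown, $valid);
```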