Home/ Questions/Q 7963203
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T05:33:38+00:00

I have the following log in script that is run when a user hits

  • 0

I have the following log in script that is run when a user hits the submit button on the login form on http://www.msheeksproductions.com. I have removed the DB login info for security reasons.

    <?php
error_reporting(E_ALL);
        $user = '***************';
        $pass = '***************';
        $host = '***************';
        $data = '***************';
$userN=$_POST['userN'];
$passW=$_POST['passW'];

mysql_connect($host, $user, $pass)or die("Could not connect");
mysql_select_db($data)or die("Database Not Found");

$query="SELECT userID FROM sec_login WHERE Username='$userN' AND Password='passW'";
$result=mysql_query($query) or die(mysql_error());

$user=mysql_num_rows($result);
if($user==1) {
    session_register("userN");
    header("location: ../index.php");
}
else {
echo("You have entered invalid login information.");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

My issue is, if you land on the security.php page, nothing happens. The PHP script doesn’t seem to be being executed at all. I’m not sure if I have a syntax error somewhere, or if it’s a configuration issue with my hosting account. The server is using PHP 5.2. Does anyone know if there are known issues with Bluehost for these sorts of things? If there’s a coding error, then obviously I would love to know as well. I’m new to this, so I may not have done everything right.

Also, I am attempting to call the variable again in the index.php file, which seems to not return any data.

<?php $usr=$_SESSION['username']; 
echo "User Name Is: $usr"; ?>

Thanks in advance!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Please consider the following:

    • Beware of SQL injection(Stopped by mysql_real_escape_string);
    • Beware of session fixation / hijacking;
    • Beware or brute force attacks;

    • Please check http://php.net/pdo for better error handling and query parameters….

      <?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = '***************';
    $pass = '***************';
    $host = '***************';
    $data = '***************';

    mysql_connect($host, $user, $pass) or die("Could not connect");
    mysql_select_db($data) or die("Database Not Found");

    $result=mysql_query("SELECT COUNT(1) FROM sec_login WHERE Username='".mysql_real_escape_string($_POST['username'])."' AND Password='".mysql_real_escape_string($_POST['password'])."'") or die(mysql_error());

    if(mysql_result($result) == 1) {
        $_SESSION['username'] = $_POST['username'];
        header("location: ../index.php");
        exit;
    } else {
        $message = 'You have failed to provide valid credentials.';
    }
} else {
    $message = '<form method="post">
                    <input type="text" name="username" value="username" />
                    <br />
                    <input type="password" name="password" value="password" />
                    <br />
                    <input type="submit" />
                </form>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php echo $message; ?>
    </body>
</html>
    • 0