Home/ Questions/Q 3316506
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T22:28:39+00:00

i have the process page for login, i can connected to DB and also

  • 0

i have the process page for login, i can connected to DB and also can check the username and password.

but after that, i cant show the index page after login success.This is my code:

$dbc=mysql_connect(_SRV,_ACCID,_PWD) or die(_ERROR15.": ".mysql_error());
$db=mysql_select_db("qdbase",$dbc) or die(_ERROR17.": ".mysql_error());

    switch(postVar('action')) {
                    case 'submitlogin' :
                    submitlogin(postVar('loguser'),postVar('logpass'));
                    break;
    }
    function submitlogin($loguser,$logpass){
    if(isset($loguser, $logpass)) {
        ob_start();
        // To protect MySQL injection (more detail about MySQL injection)
        $myusername = stripslashes($loguser);
        $mypassword = stripslashes($logpass);
        $myusername = mysql_real_escape_string($myusername,$dbc);
        $mypassword = mysql_real_escape_string($mypassword, $dbc);
        $sql="SELECT * FROM admin WHERE user='$myusername' AND password=('$mypassword')";
        $result=mysql_query($sql, $dbc);
        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $myusername and $mypassword, table row must be 1 row
        if($count==1){
            // Register $myusername, $mypassword and redirect to file "admin.php"
            session_register("admin");
            session_register("password");
            $_SESSION['name']= $myusername;
            header("location:index1.php");
        }
        else {
            $msg = "Wrong Username or Password. Please retry";
            header("location:login.php?msg=$msg");
        }
  //      ob_end_flush();
    }
    else {
        header("location:login.php?msg=Please enter some username and password");
    }
    mysql_close($dbc);
    ob_end_flush();
    }

can you help me to resolve this problem?

EDIT

i get confusing in this part from index1.php: 

<?php
session_start(); //Start the session
define(ADMIN,$_SESSION['name']); //Get the user name from the previously registered super global variable
if(!session_is_registered("admin")){ //If session not registered
header("location:login.php"); // Redirect to login.php page
}
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>

and this part from login.php, because i think they unsyncronize:

if(mysql_num_rows($result) > 0)
        {
            session_register("admin");
            session_register("password");

            $_SESSION['name']= $myusername;

            header("location:index1.php");
        }

i’m just have user and password, where is the admin come from? bcoz from this i get:

 PHP Notice:  Use of undefined constant ADMIN - assumed 'ADMIN' in /var/www/html/index1.php on line 12
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your messing up your real escapes.

    $myusername = mysql_real_escape_string($dbc, $myusername);
$mypassword = mysql_real_escape_string($dbc, $mypassword);

    Should be

    $myusername = mysql_real_escape_string($myusername, $dbc);
$mypassword = mysql_real_escape_string($mypassword, $dbc);

    heres the doc block:

    string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )

    @source: http://php.net/manual/en/function.mysql-real-escape-string.php

    And

    $result=mysql_query($dbc, $sql);

    Should Be

    $result = mysql_query($sql, $dbc);

    Update #1

    Not promising this will work be just gone threw your code and cleaned it up, removed some stuff and added some stuff:

    if(false === ($dbc = mysql_connect(_SRV,_ACCID,_PWD) die(_ERROR15.": ".mysql_error());
if(false === mysql_select_db("qdbase",$dbc)) die(_ERROR17.": ".mysql_error());


switch(postVar('action'))
{
    case 'submitlogin':
        submitlogin(postVar('loguser'),postVar('logpass'));
            mysql_close($dbc);
            exit; //Flushing the headers
    break;
}

function submitlogin($loguser,$logpass)
{
    if(isset($loguser, $logpass))
    {
        $myusername = mysql_real_escape_string(stripslashes($loguser));
        $mypassword = mysql_real_escape_string(stripslashes($logpass));

        $sql = sprintf("SELECT * FROM admin WHERE user='%s' AND password=('%s')",$myusername,$mypassword);

        if(false === ($result = mysql_query($sql))
        {
            //Show Database query error and die()
        }

        // If result matched $myusername and $mypassword, table row must be 1 row
        if(mysql_num_rows($result) > 0)
        {
            session_register("admin");
            session_register("password");

            $_SESSION['name']= $myusername;

            header("location:index1.php");
        }else
        {
            header("location:login.php?msg=" . urlencode("Wrong Username or Password. Please retry"));
        }
    }else{
        header("location:login.php?msg=" . urlencode("Please enter some username and password"));
    }
}
    • 0