Home/ Questions/Q 8079829
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T16:14:03+00:00

I’m pretty new to PHP, but I decided to try and make a simple

  • 0

I’m pretty new to PHP, but I decided to try and make a simple login page on my test website, just to see how things work. I know it’s not very secure, but I’m not worrying too much about that yet. The problem I am having is when I try to login, be the username correct or not, I am redirected to the login page instantly. I don’t think it is even going to the PHP script that checks the username and password or anything, since I get the same results when I use an incorrect username or password. I’m not entirely sure if this is a PHP problem or not, since the form is in HTML, so sorry if it’s not.

Login Page:

<?
include"includes/head.inc";
?>

    <div class="login" align="center";>

    <h1>Log In</h1>

    <form action="/cp/login.php" method="post">

        <table border="0" cellspacing="2" cellpadding="2">
            <tr>
                <td>
                    Email
                </td>
                <td>
                    <input type="text" name="username">
                </td>
            </tr>
            <tr>
                <td>
                    Password
                </td>
                <td>
                    <input type="password" name="password">
                </td>
            </tr>
        </table>

        <input type="submit">

    </form>

    </div>

    <?
    include"includes/footer.inc";
    ?>

Login.php:

<?
$username = $_POST['username'];
$password = $_POST['password'];

session_start();
include"../includes/connect.inc";

$q = "SELECT * from users where email='$username' and password='MD5($password)'";
$result = mysql_query($q, $connection) or die
("Could not execute query : $q." . mysql_error());

if (!$result) {

    echo "<h1>Incorrect username or password.</h1>";

}
else {
    $r              = mysql_fetch_array($result);
    $login_username = $r["email"];
    session_register("login_username");
    Header("Location: protected.php");
}

?>

Protected.php:

<?
session_start();
if ($login_username == "") {
    Header("Location: ../login.php");
}
else {
    include"../includes/head.inc";
    include"../cp.inc";
    include"../includes/footer.inc";
}
?>

I included all the files just in case they are needed, but it seems to just be looping the login page, not cycling through the others. The username and password I am entering are correct, and worked in my previous login system before I rewrote it to make it work better. I hope I’m not missing anything silly or obvious. Thanks for reading.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Something that might cause this:

    session_start();
if($login_username=="") {

    You’re referring to something inside the session; this is how you should do that:

    session_start();
if (!isset($_SESSION['login_username']) || $_SESSION['login_username']=="") {

    Another small issue:

    <?
$username=$_POST['username'];
$password=$_POST['password'];

session_start();

    You should test the $_POST keys first before attempting to access them.

    if (!isset($_POST['username'], $_POST['password'])) {
    die("Invalid page request");
}
session_start();
$username=$_POST['username'];
$password=$_POST['password'];

    Last but not least, learn PDO; see also the page here that warns about continued use of mysql_ functions: http://uk.php.net/manual/en/function.mysql-connect.php

    • 0