So I put together a very crude login form using php and a mysql database, and I have it set (or so I think) to redirect back to the login page with a “loginFailed=true&reason=password”. I’m trying to just have it redirect back to the login, and display an incorrect password message, but instead it just redirects to the main index page.
What am I doing wrong here? Granted I borrowed heavily from some pre-existing code due to my lack of coding-knowledge, but it did work as intended for a bit before redirecting.
Here is the code:
passwordcheck.php
<?php
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("password");
header("location:admin.html");
}
else {
die(header("location:login.html?loginFailed=true&reason=password"));
}
?>
And here is the password field in the login page:
<span class="add-on"><i class="icon-list-alt"></i></span>
<input type="password" id="inputIcon" class="span4" name='password' id='password' maxlength="50" placeholder="<?php $reasons = array("password" => "Yo shitbird, wrong password."); if ($_GET["loginFailed"]) echo $reasons[$_GET["reason"]]; ?>" />
</div>
Try moving the header() command out of the die() call.

There are many other potential problems with this code, I would suggest reading a few tutorials on the subject, there are plenty out there; although be careful, there are many low-quality PHP tutorials that might teach you dangerous practices. Learning more about PHP security is important, especially if this code is going to be on a publicly accessible web server.
One of the problems is the fact that you are storing passwords in plain-text. Passwords should never be stored in plain-text, they should be salted and stored with a secure hashing algorithm. PHPass is a great utility to help with this.
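As an added example (not the asker's code and not part of the answer above), here is what passwordcheck.php could look like with the answer's two points applied: the redirect issued outside die() and followed by an explicit exit, and passwords stored as salted hashes. It uses PHP's built-in password_hash()/password_verify() (PHP 5.5+), which provide what PHPass was used for before they existed, replaces the removed mysql_* and session_register() calls with PDO prepared statements and $_SESSION, and looks the user up by username instead of matching on the password alone. The users table, its column names and the connection settings are assumptions.

```php
<?php
// Added example, not the asker's or the answerer's code: a hardened
// passwordcheck.php. Assumed schema: a `users` table with columns
// id, username and password_hash (the latter written by password_hash()
// at registration). Connection details below are placeholders.
declare(strict_types=1);

session_start();

$dsn    = 'mysql:host=localhost;dbname=app;charset=utf8mb4'; // assumption
$dbUser = 'app_user';                                         // assumption
$dbPass = 'change-me';                                        // assumption

$pdo = new PDO($dsn, $dbUser, $dbPass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Send the redirect and stop; code after header() otherwise keeps running.
function redirect(string $path): void
{
    header('Location: ' . $path, true, 303);
    exit;
}

// Registration-time helper: store the result of this, never the password.
function makePasswordHash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT); // bcrypt, salted per hash
}

$username = (string)($_POST['username'] ?? '');
$password = (string)($_POST['password'] ?? '');

if ($username === '' || $password === '') {
    redirect('login.html?loginFailed=true&reason=password');
}

// Look the user up by username; the password is never used in a WHERE
// clause, and user input is bound as a parameter rather than concatenated.
$stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Verify against a throwaway hash when the username is unknown, so that an
// unknown user and a wrong password take about the same time to answer.
// (In production, precompute this dummy once instead of on every request.)
$dummyHash  = password_hash('not-a-real-password', PASSWORD_DEFAULT);
$storedHash = is_array($row) ? (string)$row['password_hash'] : $dummyHash;

if (!password_verify($password, $storedHash) || !is_array($row)) {
    redirect('login.html?loginFailed=true&reason=password');
}

// If the default algorithm or cost has moved on since the hash was made,
// re-hash now while the plaintext is available.
if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
    $upd = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
    $upd->execute([makePasswordHash($password), (int)$row['id']]);
}

session_regenerate_id(true);            // fresh session id on privilege change
$_SESSION['user_id'] = (int)$row['id']; // replaces the removed session_register()
redirect('admin.html');
```

Two caveats: the redirect only works if nothing (not even whitespace before the opening tag) has been sent to the browser before header() is called, and a static admin.html cannot check $_SESSION itself, so the protected page needs to be a PHP script that calls session_start() and verifies $_SESSION['user_id'] before rendering anything.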