VikiC Posted November 10, 2010 Share Posted November 10, 2010 Hi. I'm having a little problem creating a login using PHP. Looked at several tutorials and not having much luck. I've created a database in MySql called "member" with a username and password field just to test but don't appear to be getting as far as that. I'm also using XAMPP. So basically the PHP so far is five different pages. "config.inc" contains: <?php $hostname = 'localhost'; // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet. $dbname = 'member'; // Your database name. $username = 'root'; // Your database username. $password = ''; // Your database password. If your database has no password, leave it empty. // Let's connect to host mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!'); // Select the database mysql_select_db($dbname) or DIE('Database name is not available!'); ?> "index.php" contains: <?php // Inialize session session_start(); // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { header('Location: securedpage.php'); } ?> <html> <head> <title>PHPMySimpleLogin 0.3</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginproc.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html> "loginproc.php" contains: <?php // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page header('Location: index.php'); } ?> "securedpage.php" contains: <?php // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p><a href="logout.php">Logout</a></p> </body> </html> "logout.php" contains: <?php // Inialize session session_start(); // Delete certain session unset($_SESSION['username']); // Delete all session variables // session_destroy(); // Jump to login page header('Location: index.php'); ?> BASICALLY - when i go into this and enter the username and password the same page index.php stays. Apologies for the length of this post, just wanted to get the info in. Also have checked that MySql server is running etc. Finaly Year Project Student here and i don't want to fall at the first hurdle so any help is appreciated Quote Link to comment Share on other sites More sharing options...
jcanker Posted November 10, 2010 Share Posted November 10, 2010 What do you mean "the same page index.php stays"? Does the page refresh when you click the submit link? In other words, you click submit and it refreshes the page, or does it just not do anything? Quote Link to comment Share on other sites More sharing options...
Rifts Posted November 10, 2010 Share Posted November 10, 2010 I dont know if this is the problem 100% but I would never do this $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); it should look like this: $user = $_POST['username']; $pass = $_POST['password']; $user= stripslashes($user); $pass= stripslashes($pass); $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $pass = md5($pass); $login = mysql_query("SELECT * FROM user WHERE (username = '$user') and (password = '$pass) "); also try echoing the vars. to see if they are working correctly also this site is really helpful to learn about this http://www.phpeasystep.com/phptu/6.html Quote Link to comment Share on other sites More sharing options...
VikiC Posted November 10, 2010 Author Share Posted November 10, 2010 What do you mean "the same page index.php stays"? Does the page refresh when you click the submit link? In other words, you click submit and it refreshes the page, or does it just not do anything? Yeah it just doesn't do anything, i refresh it, it stays the same. Quote Link to comment Share on other sites More sharing options...
VikiC Posted November 10, 2010 Author Share Posted November 10, 2010 I dont know if this is the problem 100% but I would never do this $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); it should look like this: $user = $_POST['username']; $pass = $_POST['password']; $user= stripslashes($user); $pass= stripslashes($pass); $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $pass = md5($pass); $login = mysql_query("SELECT * FROM user WHERE (username = '$user') and (password = '$pass) "); also try echoing the vars. to see if they are working correctly also this site is really helpful to learn about this http://www.phpeasystep.com/phptu/6.html Thanks i'll give this a go. First time using PHP/MySQL...tried a couple of different tutorials, no luck. Quote Link to comment Share on other sites More sharing options...
VikiC Posted November 10, 2010 Author Share Posted November 10, 2010 Got sorted. This tutorial http://www.phpeasystep.com/phptu/6.html was spot on after a few changes. Thanks for the advice guys i'm sure i'll be back for more Quote Link to comment Share on other sites More sharing options...
Rifts Posted November 10, 2010 Share Posted November 10, 2010 welcome, glad it helped. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.