Finker92 Posted January 4, 2012 Share Posted January 4, 2012 Hi all, I hope I am in the right place. I'm new to php/mysql so please be patient with me. I am trying to create a login script to validate username and password against a database I have created. I am not getting an error message but even when I enter correct username/password details from the database to test the code I am getting the message at the bottom of the script. I can't figure out why as I thought I had all bases covered, but obviously not. Here is my code. Thanks for any help in advance. P.S. I have checked the names against my form and they are correct. <html> <html lang="en"> <head> <meta charset="utf-8" /> <title>USER LOGIN</title> </head> <body> <?php if(empty($_POST['name'])){ $name=NULL; echo "Sorry, you forgot to enter your username.</br>"; }else{ $name=$_POST['name']; } if(empty($_POST['password'])){ $password=NULL; echo "Sorry, you forgot to enter a password.</br>"; }else{ $password=$_POST['password']; } $connection = @mysqli_connect('localhost','root','','BLOG_PROJECT') OR die("Could not connect to server"); $username = stripslashes($name); $password = stripslashes($password); $username = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); $info = "SELECT 'username', 'password' FROM USERS WHERE 'username'='$username' and 'password'='$password'"; $return=@mysql_query($info); $rows=@mysql_num_rows($return); if($rows==1){ session_register("username"); session_register("password"); header("location:admin.php"); echo "Hi $username. You are now logged in."; }else{ echo "You have entered incorrect details. Please check your login details and try again."; } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 4, 2012 Share Posted January 4, 2012 Whatever tutorial you're using, stop. That code is about 9 years out of date. Also, when posting code, enclose it within the forum's . . . BBCode tags. Quote Link to comment Share on other sites More sharing options...
Finker92 Posted January 4, 2012 Author Share Posted January 4, 2012 Oh! OK, apologies for wrong forum etiquette. Erm, that's not great news. Is all of the code dated or is it specific parts. I created most of it using Larry Ullman's book which I thought was fairly up to date, so confused as to what parts are old. Did use an online tut for latter parts though. Any suggestions/hints welcome. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 4, 2012 Share Posted January 4, 2012 If that's from one of Larry's books, it must be an old one; he's usually somewhat ahead of the curve. Sometimes a bit hard to follow, but on top of things, nonetheless. Anyhow, stripslashes shouldn't be used without checking to see if magic_quotes_gpc() is On (which it should not be anyhow), passwords should be hashed, session_register() has been deprecated for years, and the error suppression @ operator really shouldn't be used except in very limited instances. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 4, 2012 Share Posted January 4, 2012 The code is also mixing a mysqli connection with mysql functions, which won't work. You must use all the same family of database functions. Quote Link to comment Share on other sites More sharing options...
Finker92 Posted January 4, 2012 Author Share Posted January 4, 2012 Ok, thanks for the tips. Seems this pretty much needs a rewrite so it's back to the drawing board I suppose. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.