Jump to content

How can I get this multi user login system with PHP + MySQL to work properly?

APD1993

By APD1993
in PHP Coding Help

 Share

Recommended Posts

APD1993 Member

APD1993

Posted
Posted

I am currently creating a multi-user login system, and I have created the database in MySQL, but the problem is that my PHP script is not working as expected. I would like it so that if the user enters in a correct username + password combination, then they are redirected to a webpage called "congrats.php" for example. However, with my current PHP code, if I include a redirection instruction based on the correct input, then when I run the script, then the user is instantly taken to the congrats.php page without filling in any login details. I'm quite sure that the database has been connected to, as due to the layout of my script at the moment, the text that reads "You did it!" appears 4 times, the same number of rows in my MySQL database. My PHP coding for this is:

 

<html><head><title>Multi-User Log In Form</title></head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$username = $_POST['username'];
$password = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">
Username <input type = "text" name = "username" size = "8">
Password <input type = "password" name = "password" size = "8">
<input type = "submit" value="Submit">
</form>
<?php
$conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = @mysql_select_db("test3", $conn) or die ("Err: Db");
$sql = "select * from users";
$rs = mysql_query($sql, $conn);
while ($row = mysql_fetch_array($rs)) {

$name = $row["uname"];
$pass = $row["pword"];
if ($username = $name && $password = $pass)
{
//CODE FOR REDIRECTION SHOULD GO HERE
//header("location:congrats.php");
echo "You did it!";
}
else
{
echo "Invalid username and password combination";
}
}
?></body>
</html>

 

Any help in trying to get it so that my PHP script will redirect only if a correct username + password combination is entered would be greatly appreciated :D

Link to comment
Share on other sites
Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

ok, this is mostly wrong:

$conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = @mysql_select_db("test3", $conn) or die ("Err: Db");
$sql = "select * from users";
$rs = mysql_query($sql, $conn);
while ($row = mysql_fetch_array($rs)) {

$name = $row["uname"];
$pass = $row["pword"];
if ($username = $name && $password = $pass)

change it to this:

$conn = mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = mysql_real_escape_string(trim($name));
$pass = mysql_real_escape_string(trim($pass));
$sql = "select id from users where name='$name' and pass='$pass'";
$rs = mysql_query($sql, $conn);
if (mysql_num_rows($rs) >= 1){
//do your success stuff here such as
header('Location: congrats.php')
}
else {
//do failure stuff here
}

[/code]

Link to comment
Share on other sites
APD1993 Member

APD1993

Posted
  • Author
Posted

ok, this is mostly wrong:

$conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = @mysql_select_db("test3", $conn) or die ("Err: Db");
$sql = "select * from users";
$rs = mysql_query($sql, $conn);
while ($row = mysql_fetch_array($rs)) {

$name = $row["uname"];
$pass = $row["pword"];
if ($username = $name && $password = $pass)

change it to this:

$conn = mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = mysql_real_escape_string(trim($name));
$pass = mysql_real_escape_string(trim($pass));
$sql = "select id from users where name='$name' and pass='$pass'";
$rs = mysql_query($sql, $conn);
if (mysql_num_rows($rs) >= 1){
//do your success stuff here such as
header('Location: congrats.php')
}
else {
//do failure stuff here
}

[/code]

 

I seem to be getting closer, but it still will not redirect on successful input :/

 

My code now reads as follows:

 

<html><head><title>Multi-User Log In Form</title></head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$username = $_POST['username'];
$password = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">
Username <input type = "text" name = "username" size = "8">
Password <input type = "password" name = "password" size = "8">
<input type = "submit" value="Submit">
</form>
<?php
$conn = mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = mysql_real_escape_string(trim($name));
$pass = mysql_real_escape_string(trim($pass));
$sql = "select * from users where name='$name' and pass='$pass'";
$rs = mysql_query($sql, $conn);
if (mysql_num_rows($rs) >=1)
{
header('Location:congrats.php');
}
else
{
echo "Invalid username and password combination";
}

?></body>
</html>

 

I am also getting a couple of messages appearing such as:

 

 

Notice: Undefined variable: name in C:\xampp\htdocs\loginform2.php on line 16

 

Notice: Undefined variable: pass in C:\xampp\htdocs\loginform2.php on line 17

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\loginform2.php on line 20

 

:/

 

Thanks for the help so far, though :)

Link to comment
Share on other sites
Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

reply couple more changes needed:

$self = $_SERVER['PHP_SELF'];
$username = $_POST['username'];
$password = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">

to become

$self = '';
$name = $_POST['username'];
$pass = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">

Link to comment
Share on other sites
APD1993 Member

APD1993

Posted
  • Author
Posted

reply couple more changes needed:

$self = $_SERVER['PHP_SELF'];
$username = $_POST['username'];
$password = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">

to become

$self = '';
$name = $_POST['username'];
$pass = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">

 

Thank you for the follow up reply, but alas, it is not redirecting me on correct username + password input:(

 

I think my code is now as the way that you suggested:

 

<html><head><title>Multi-User Log In Form</title></head>
<body>
<?php
$self = '';
$name = $_POST['username'];
$pass = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">
Username <input type = "text" name = "username" size = "8">
Password <input type = "password" name = "password" size = "8">
<input type = "submit" value="Submit">
</form>
<?php
$conn = mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = mysql_real_escape_string(trim($name));
$pass = mysql_real_escape_string(trim($pass));
$sql = "select * from users where name='$name' and pass='$pass'";
$rs = mysql_query($sql, $conn);
if (mysql_num_rows($rs) >=1)
{
header('Location:congrats.php');
}
else
{
echo "Invalid username and password combination";
}

?></body>
</html>

 

Again, thanks for the help that you've provided me with :)

Link to comment
Share on other sites
APD1993 Member

APD1993

Posted
  • Author
Posted

You can't send any output to the browser before sending a header(). You should also be developing with error reporting set up to display any and all errors/warnings/notices. You would have gotten a "headers already sent" warning.

 

Is there a way to fix this issue? :)

Link to comment
Share on other sites
APD1993 Member

APD1993

Posted
  • Author
Posted

Yeah, rearrange the logic to determine if headers need to be sent before sending anything else, and if so, send them and exit(). If not continue with the script execution.

 

In the context of my script, where would the logic be placed? :)

Link to comment
Share on other sites
APD1993 Member

APD1993

Posted
  • Author
Posted

I think I'm getting closer now, the script is now in two different scripts and the redirecting seems to work. However, the problem now is that anything entered into the boxes will cause for the user to be redirected, rather than when the correct username + password combination is entered.

 

My loginform3.html coding is:

 

<html><head><title>Login form</title></head>
<body>
<form action = "loginscr.php" method = "post">
Username <input type = "text" name = "username" size = "8">
Password <input type = "password" name = "password" size = "8">
<input type = "submit" value="Login">
</form>
</body>
</html>

 

And my loginscr.php coding is this:

<?php
$name = $_POST['username'];
$pass = $_POST['password'];

$squname = "root";
$sqpword = "";

$conn = @mysql_connect("localhost", $squname, $sqpword) or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = @mysql_real_escape_string(trim($name));
$pass = @mysql_real_escape_string(trim($pass)); 
$sql = "select * from users";
$rs = mysql_query($sql, $conn);

// If you have more than one result, that's also a problem
while ($row = mysql_fetch_array($rs)) {
if (mysql_num_rows($rs)>=1)
{
    // You might want to set some session variables here, too.
    header('Location:congrats.php');
}
else
{
    echo "Invalid username and password combination";

}
}
?></body>
</html>

 

If anyone could help me with this issue, I would be very thankful :D

Link to comment
Share on other sites
Thisnamewilldo Newbie

Thisnamewilldo

Posted
Posted 
<?php
$name = $_POST['username'];
$pass = $_POST['password'];

$squname = "root";
$sqpword = "";

$conn = @mysql_connect("localhost", $squname, $sqpword) or die ("Err: Conn");
$rs = mysql_select_db("test3", $conn) or die ("Err: Db");
$name = @mysql_real_escape_string(trim($name));
$pass = @mysql_real_escape_string(trim($pass)); 
$sql = "select * from users where name = '$name' and pass = '$pass'";
// Surely you only want the user with that username and password they entered?
$rs = mysql_query($sql, $conn);

// If you have more than one result, that's also a problem
while ($row = mysql_fetch_array($rs)) {
if (mysql_num_rows($rs)>=1)
{
    // You might want to set some session variables here, too.
    header('Location:congrats.php');
}
else
{
    echo "Invalid username and password combination";

}
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.