1

I'm trying to create simple login/registration page.

I'm using index.php which includes login.php in it.

I want to report the login errors in a specific position, using an answer to a preious question.

The problem is that if I encounter an error, the url changes to the login.php file and on next login I get error of "Cannot find page".

I want to eventually be able somehow display errors and be able to get another input and handle it.

login.php:

   <?php

    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="kupon"; // Database name 
    $tbl_name="users"; // Table name 

    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from form 
    $email=$_POST['email']; 
    $password=$_POST['password']; 

    // To protect MySQL injection
    $email = stripslashes($email);
    $password = stripslashes($password);
    $email = mysql_real_escape_string($email);
    $password = mysql_real_escape_string($password);
    $sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $email and $password, table row must be 1 row
    if($count==1){

    // Register $email, $password
    $_SESSION['email'] = $email;
    $_SESSION['password'] = $password; 
    header("location: members.php");
    }
    else {
       $error = '<p class="error">User does not exist</p>'
       include('../index.php');
       exit;
    }
    ?>

index.php form:

                <form action="php/login.php" method="post" class="form">
                    <p class="email">
                        <input type="text" name="email" /> :דואר אלקטרוני</br>
                    </p>
                    <p class="password">
                        <input type="password" name="password" /> :סיסמא</br>
                    </p>
                    <p class="submit">  
                        <input type="submit" value="היכנס" />  
                    </p>  
                </form>
                <?php
                    if(isset($error)) echo $error;
                ?>
Improve this question
3
  • 3
    This is a somewhat sloppy way of building software. You should look into one of the many PHP Frameworks, and either using one of them to build your site or at least drawing inspiration for the way they build their code. Including an HTML file in the middle of a block of executable PHP code is a practice which you should avoid; experience will show you it produces code which is difficult to maintain at best. Commented Aug 25, 2012 at 16:22
  • 1
    Some advice: "$variable" should be $variable in most cases, and this is one of said cases. stripslashes calls mean one of the following: magic quotes are enabled, in which case you should disable them immediately; or, they are unnecessary and can only serve to provide incorrect input. Another point of note is that you appear to be storing your passwords in plain text, which is a rather serious security flaw; hash them using bcrypt. Finally, avoid the deprecated mysql_ extensions. PDO and MySQLi are viable alternatives. Commented Aug 25, 2012 at 16:25
  • Thank you, I'm a newbie which is too excited to start and get results. I guess I'll hit the books more. OOP really confuse me honestly. Commented Aug 25, 2012 at 16:49

3 Answers 3

Reset to default
2
  1. You shouldn't put passwords or other Personal Identification Information into the session. Better to have your login code assign a session ID with an identification that links it to the user in your database. (Like a column filled with unique values called userid)
  2. You need to make sure you are initializing the session in the login.php and any page that you want to have require they be authenticated. This allows you to have the page check the session to confirm that the user is actually logged in.

To resolve the 404 error (Page Not Found), you need to fix this: header("location: members.php");. That needs to be the full path of the file. Since your login.php file is under the directory of php and members.php is not, when you get directed to login.php, this location forward tries to load members.php in the php directory and since it is not there, it gives a 404 error.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you, just fixed that, still it's not helping with my issue
Edited to add in what I suspect is the issue with the 404 error.
0

You are including the login.php, but the actual page is index.php - so you should post your form to index.php instead.

Improve this answer

1 Comment

You said you were including it, I assume that was via a PHP include. If not, then you'll of course still have to post the form to login.php
0

It looks like you have a problem using relative urls. You start on index.php, which redirects on form submission to php/login.php. Next time, you submit to php/php/login.php instead.

If you're in the document root, try using /index.php and /php/login.php instead. I can't be more specific without knowing more about your project's layout however.

Improve this answer

2 Comments

this is what happens the php/php/login.php. eventually I want to use index.php to the login form, if session isn't started, and display login errors in it. If also could be done, I want to change the login form to registration form if no such user exists.
Structure is index in root, login, registration and memebers in PHP folder

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.