0

Good day!

I have been looking for various solutions on the web but I haven't passed by a single one to solve my problem

Basically I have been making a login system with a registration feature, and everything is working well except when I try to register, it doesn't enter into the database that I have made. Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong.

Here's the database:

+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| studID   | int(11)     | NO   | PRI | NULL    | auto_increment |
| fname    | varchar(30) | NO   |     | NULL    |                |
| lname    | varchar(30) | NO   |     | NULL    |                |
| address  | varchar(80) | NO   |     | NULL    |                |
| username | varchar(20) | NO   |     | NULL    |                |
| password | varchar(20) | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+

index.html

<html>
<head>
<title>Welcome!</title>
<style>
</head>
<body>
<form name="form1" method="post" action="login.php">
<div align="center">
<p><img src="images/welcome.jpg" /></p>
  <table id="title">
    <tr>
      <td>Username:</td>
          <td><input type="text" name="username" /></td>
      </tr>
    <tr>
      <td>Password:</td>
        <td><input type="password" name="password" /></td>
      </tr>
    <tr>
      <td>&nbsp;</td>
        <td><input type="submit" name="submit" value="Log In" /></td>
      </tr>
  </table>
<p>New here? <a href="signup.php">Register!</a></p>
</div>
</form>
</body>
</html>

login.php

<?php
include("db.php");

session_start(); 

$username=($_POST['username']);
$password=($_POST['password']);

$result=mysql_query("SELECT count(*) FROM student WHERE username='$username' and password='$password'");

$count=mysql_fetch_array($result);

if($count==0){
  session_register("username");
  session_register("password");
  header("location:success.php");
} else {
  echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
  }
?>

and db.php

<?php  
    $conn = mysql_connect('localhost', 'root', 'ella');
     if (!$conn)
    {
     die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("studrecord", $conn);
?>

signup.php (it's quite long, will cut some unnecessary parts)

<html>
<head>
<title>Register</title>
</head>
<body>
<form action="index.html">
  <table id="title">
    <tr>
      <td>First Name:</td>
        <td><input type="text" name="fname" /></td>
      </tr>
    <tr>
      <td>Last Name:</td>
        <td><input type="text" name="lname" /></td>
      </tr>
    <tr>
      <td>Address:</td>
        <td><input type="text" name="address" /></td>
      </tr>
    <tr>
      <td>Username:</td>
        <td><input type="text" name="username" /></td>
      </tr>
    <tr>
      <td>Password:</td>
        <td><input type="password" name="password" /></td>
      </tr>
    <tr>
      <td>&nbsp;</td>
        <td><input type="submit" name="submit" value="Sign Up" /></td>
      </tr>
  </table>
</div>
</form>

<?php
if (isset($_POST['submit']))
    {      
    include 'db.php';

                    $fname=$_POST['fname'];
                            $lname=$_POST['lname'];                 
                    $address=$_POST['address'];
                    $username=$_POST['username'];
                    $password=$_POST['password'];

         mysql_query("INSERT INTO student(fname,lname,address,username,password) 
         VALUES ('$fname','$lname','$address','$username','$password')"); 
            }
?>
</...

Thank you in advance!

Improve this question
5
  • if login system is working well and not register then why you show your login.php and not signup.php ? Commented Aug 4, 2013 at 13:06
  • oh, right-- totally overlooked that. thanks for reminding! Commented Aug 4, 2013 at 13:07
  • 2
    mysql is deprecated, try mysqli or pdo Commented Aug 4, 2013 at 13:08
  • 1
    session_register("username") is deprecated use $_SESSION["username"] Commented Aug 4, 2013 at 13:10
  • EVERYTHING in your script is bad, wrong, extremely outdated and totally insecure. I really dont want to offend you, but you should not use this script! Pleeease get a professional script. Commented Aug 4, 2013 at 14:11

4 Answers 4

Reset to default
1

Looking at your signup.php document, it looks like your form action takes you back to the index.php page. That means the logic of the following PHP code never actually takes place. Use this:

<form action="signup.php" method="post">

instead of <form action="index.html">.

Try changing the form action to the page itself and see if you get data inserted into your table.

Some side notes:

  • As others have said here, the mysql commands are deprecated in current versions of PHP, so either mysqli or PDO would be better to use.
  • Instead of asking for 'SELECT count(*) FROM student WHERE username='$username' and password='$password', it might be better to just ask for the result rows themselves by replacing COUNT(*) with simply *. You may then use mysqli_num_rows to count the rows.

  • I hope I'm not missing anything, but I am a little confused by the logic on your index.php page. You say

    if($count==0){
    // Register a session ...
} else { 
    // Wrong password/username...
}

    where I think you mean if($count > 0), because you want a row to exist with that username/password combination.

  • If you plan on using database queries extensively in your project, I highly recommend reading the documentation on PDO and prepared statements in particular. This will allow you to largely avoid SQL injection issues and also to more easily prepare flexible queries.

Good luck in your endeavors!

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

@EllaDurban Any time. There's a great SO post about prepared statements here. It's still relevant, even though it was answered five years ago.
0

Try changing the count query to this. Also stay well away from mysql_* functions as they are depreciated.

<?php
include("db.php");

session_start(); 

$username=($_POST['username']);
$password=($_POST['password']);

$result=mysql_query("SELECT * FROM student WHERE username='$username' and password='$password'");

$count=mysql_num_rows($result);

if($count==0){
  session_register("username");
  session_register("password");
  header("location:success.php");
} else {
  echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
  }
?>
Improve this answer

1 Comment

"Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong."
0

Not an awnser to your question but change 

$username=($_POST['username']);
$password=($_POST['password']);

to 

$username=mysqli_real_escape_string($_POST['username']);
$password=mysqli_real_escape_string($_POST['password']);
Improve this answer

2 Comments

he is not using mysqli
ah, yes you are correct. He should though as mysql_* functions are deprecated.
0

you are login with wrong password because you are not checking if exist in database , change your code to this.

change this

   $count=mysql_fetch_array($result);

 if($count==0){
 session_register("username");
 session_register("password");
 header("location:success.php");
 } else {
   echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
 }

to

     $count=mysql_num_rows($result);

 if($count > 0){
  session_register("username");
  session_register("password");
  header("location:success.php");
 } else {
   echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
 }

in your register yfile you are checking with same name of login and signup

   if (isset($_POST['submit']))
                      ^^^-------name

change the name of register input .

to this

    if (isset($_POST['register_form']))

and put it in your form.

and change your form

      <form action="index.html">

to

     <form action="signup.php" method ="POST" name="register_form">
Improve this answer

2 Comments

Thanks, the login is working well now. I edited the register file as you said, but any of my inputs as I signup still can't be inserted into database.
you just change action to signup.php because you was using index.html in action and like that should work everything :). wish i could help you.sorry i was not here

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.