0

I have created a site with a login and register. It was working, but when I finished it something was very wrong: I can't log in to the site.

I can register a new user and that is added in the MySQL db, but when I try to log in the redirect does not work; it will not go to the page index.php.

Can anyone look at this source and see if you can find anything wrong?

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
    $connect = mysql_connect("localhost","root","") or DIE ("Could not connect");
    mysql_select_db("case") or die ("could not find db");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");

    $numrows = mysql_num_rows($query);

    if($numrows !=0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if ($username==$dbusername&&$password==$dbpassword)
        {
            header('location: index.php');

            /*echo "Login successful. <a href='membersarea.php'>click her to enter members erea<a/>"; */
            /*$_SESSION['username']=$dbusername; */
        }
        else
            echo "Incorrect password";
    }
    else echo ("That username dows not exist");
}
else
    die ("Please enter a username and password");

?>
3
  • 2
    Your code is vulnerable to SQL injection. Also mysql_* functions are dangerous and you should not use them. stackoverflow.com/questions/13944956/… Commented Apr 27, 2014 at 22:15
  • You can't login to your site? What errors do you get? How do you know that "something was very wrong?" Commented Apr 27, 2014 at 22:16
  • Please use indentation, brackets around if/else branches (to help readability and maintainability), mysqli instead of mysql (as mysql is deprecated), prepared statements (to avoid the SQL injection that your code is vulnerable to now). Also it might make sense to check your inputs with isset() or empty() so as not to generate notice-level errors, but that's the smallest issue I guess. Commented Apr 27, 2014 at 22:19

3 Answers

4

Get rid of the PHP closing tag ?> and any whitespace, HTML or blank lines before the PHP opening tag <?php. Also check that there is no output before:

header("Location:");

Like print, var_dump, echo and so on. Also check your if condition, maybe you are just skipping it.

2 Comments

The problem is the script does not redirect, why?
@alphadec : Have you got something in your error_log? The script does not redirect because there is an error "Headers already sent" and/or the script skips your if statements (you can check which of them it skips by echoing something after each).
0

WARNING! you have an SQL injection ERROR. Try with:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

Now, simplify your life:

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

Is it right?

if( mysql_num_rows($query) > 0 ) {
 header('location: index.php');
}

1 Comment

Yes, I know this will be open for SQL injection, but this is more a case for me. But what I don't understand is that this has worked but now it does not.
0

At first sight, I notice this:

while ($row = mysql_fetch_assoc($query)) {
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
}

if ($username == $dbusername && $password == $dbpassword) {

The if is outside the loop. It will only be used against the last row.

If you only have one user, it should be working.
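
The points raised in the comments and answers above (prepared statements instead of mysql_*, nothing executed after the redirect) combined into one login check, as an added example that is not code from any poster in this thread. It assumes the password column holds a password_hash() value rather than the plaintext the question compares against, and uses an in-memory SQLite table as constructed demo data.

```php
<?php
// Added example, not code from the thread.
// Assumption: users.password stores password_hash() output, not plaintext.

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps $username out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no such user
    // Unknown user and wrong password take the same failure path.
    return is_string($hash) && password_verify($password, $hash);
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: in-memory SQLite stands in for the MySQL "case" db.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
    $add = $pdo->prepare('INSERT INTO users VALUES (?, ?)');
    $add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $add->execute(["o'neil", password_hash('s3cret', PASSWORD_DEFAULT)]);

    var_dump(check_login($pdo, 'alice', 'correct horse'));
    var_dump(check_login($pdo, 'alice', 'wrong'));
    // A quote in the name is plain data to a bound parameter.
    var_dump(check_login($pdo, "o'neil", 's3cret'));
    var_dump(check_login($pdo, 'nobody', 'x'));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    // Connection values are the ones shown in the question.
    $pdo = new PDO('mysql:host=localhost;dbname=case;charset=utf8mb4', 'root', '');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (check_login($pdo, $user, $pass)) {
        session_regenerate_id(true);       // fresh session id after login
        $_SESSION['username'] = $user;
        header('Location: index.php');     // must precede any output
        exit;                              // nothing runs after the redirect
    }
    http_response_code(401);
    echo 'Incorrect username or password';
}
```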
