Need help with a login form.

by 7 replies
8
I am starting a simple login and registration with php and mysql. I am stuck on this php code. Functions.php and connect.php pages are setup as well and they do connect to the database.

Login.php
HTML Code:
<html>
<head>
<title>Basic CMS - Admin Area Login</title>
</head>
<body>
<?php
session_start();
if(isset($_SESSION['user'])) {
    header('Location: index.php');
} else {    
?>
<form action="dologin.php" method="POST" >
<input type="text" name="username" >
<input type="password" name="password">
<input type="submit" value="Login">
<?php } ?>
</body>
</html>
dologin.php
PHP Code:
<?php
include ('../includes/functions.php');

if(isset(
$_POST['login'])) {
    if(isset(
$_POST['username'])) {
        if(isset(
$_POST['password'])) {
            
$username $_POST['username'];
            
$query mysql_query("SELECT * FROM users WHERE Username = '$username'") or die(mysql_error());
            
$user mysql_fetch_array($query);
            if (
$_POST['password'] == $user['Password']) {
                echo 
"Login successful";
                
$_SESSION['user'] = $user['Username'];
                
header("Location: index.php");
            } else {
                echo 
"Please check your login details";
                include(
'login.php');
            }
        } else {
                echo 
"Please check your password";
                include(
'login.php');
        }
    } else {
        echo 
"Please check your username";
        include(
'login.php');
    }
} else {
    echo 
"Please check that you have filled out the login form";
    include(
'login.php');
}        
?>
Can anyone identify what might be wrong in the php code above?
#programming #form #login
  • What is the error showing?

    Perhaps it works and you are being transferred to a non-existant index.php?
  • The error is basically the last else statement with the login form underneath. "Please check that you have filled out the login form".

    After I login, I should be redirected back to index.php but that does not happen. It stays on dologin.php page. So I am assuming the php code isn't connecting to the database to find the user.
  • add

    Code:
    include ('../includes/connect.php');
    to your dologin.php page? or is that already taken care of in your functions.php file?
  • Well actually, if your saying the error you are seeing is "Please check that you have filled out the login form", that means that you are not posting the 'login' variable correctly.

    Code:
    if(isset($_POST['login'])) {
       //some code here
    } else {
       // this is being executed here - so the 'login' post variable is not set
    }
  • Connect.php is already included in Functions.php.

    Yes there is something wrong with the login post variable. I am just not seeing what it exactly.

    Also if you guys have a different code for the login, I can try that.
  • Ah, I see the problem. This needs to be added to your login form (Login.php)

    Code:
    <input type="hidden" name="login" value="login">
    Also, there is no closing tag for your Form

    Code:
    </form>
    However, your login script is wide open to SQL injection because it is using user supplied variables directly in the sql query without escaping.

    Your homework:

    https://www.google.ca/search?q=what+...sm=93&ie=UTF-8
    • [1] reply

    • You are awesome bro! It works now.

      I understand it is open to SQL injection. This is my first crack at creating a CMS, so I would like to keep it simple as I am learning the process. Later on, I can add security protections that are up to date.


      Update: I forgot to mention one other thing that I was missing. I had to add "session_start();" in the dologin.php. So everything is good now.

Next Topics on Trending Feed

  • 8

    I am starting a simple login and registration with php and mysql. I am stuck on this php code. Functions.php and connect.php pages are setup as well and they do connect to the database. Login.php