0

I'm trying to make a log in form for my website where the username and password are already stored within the table user in mydb. I have created checklogin.php to create a connection from my website to mydb and then check the credentials for the log in.

This is the code for checklogin.php:

<?php
$host="127.0.0.1:3306"; // host name
$username="root"; // mysql usrname
$password=""; // mysql password
$db_name="mydb"; // db name
$tbl_name="user"; // table name

//Connect to server and select database
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die(mysql_error());

//User name and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

if($count==1)
{   // register $myusername, $mypassword and redirect file to loginSuc.php
    session_register("myusername");
    session_register("mypassword");
    header("location:loginSuc.php");
}
else 
{
    echo "wrong username or password";
}
?>

Now I've added the missing component to the previous code, when I run I am now getting errors pointing to lines 13, 14 and 19.

The errors are:

Notice: Undefined index: myusername in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 13/14/19 with the string "wrong username or password" appearing underneath

Once again stuck as to how to fix this -- FIXED

Fixed the errors with lines 13,14 and 19 by adding some extra code. Have now got error:

"Parse error: syntax error, unexpected T_IF in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 27"

<?php
$host="127.0.0.1:3306"; // host name
$username="root"; // mysql usrname
$password=""; // mysql password
$db_name="mydb"; // db name
$tbl_name="user"; // table name

//Connect to server and select database
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die(mysql_error());

//User name and password sent from form
$myusername=$_POST["myusername"];
$mypassword=$_POST["mypassword"];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result)

if($count==1)
{   // register $myusername, $mypassword and redirect file to loginSuc.php
    session_register("myusername");
    session_register("mypassword");
    header("location:loginSuc.php");
}
else 
{
    echo "wrong username or password";
}
?>

ABOVE FIXED

right so now ive got the checkilogin.php bringing up no errors im now using:

<?php

$host="127.0.0.1:3306"; // host name
$username="root"; // mysql usrname
$password=""; // mysql password
$db_name="mydb"; // db name
$tbl_name="user"; // table name

//Connect to server and select databasemysql_connect
mysql_connect($host, $username, $password, $db_name) or die(mysql_error());

if($_POST)
{   
    $myusername=$_POST["myusername"];
    $mypassword=$_POST["mypassword"];

    $sql="SELECT * FROM ".$tbl_name." WHERE myusername=".$myusername." and mypassword=".$mypassword;
    $result=mysql_query($sql);

    // register $myusername, $mypassword and redirect file to loginSuc.php
    session_register("myusername");
    session_register("mypassword");
    header("location:loginSuc.php");

}
else 
{
    echo "wrong username or password";
}

?>

But I'm still getting issues. Whenever I try to log in through the form in my loginpage.html, it goes to checklogin.php but checklogin.php simply shows "wrong password or username". I get this when I press the submit button with no username or password, when I have put the incorrect username and password and even when I use the username and password that I have put as an example in the user table in mydb. (In the user table I have userid, username and password fields).

Here is the php at the beginning of my loginpage.html:

<?php 
session_start();
if(!session_is_registered(myusername))
{
header("location:checklogin.php");
}
?>

and here is the form (i used html5 and twitter bootstrap grid code):

<form class="form-horizontal" method="post" action="checklogin.php">
    <div class="form-group">
        <label for="myusername" class="control-label col-xs-3">Username</label>
        <div class="col-xs-6">
            <input type="text" class="form-control" id="myusername" placeholder="Library card number">
        </div>
    </div>
    <div class="form-group">
        <label for="mypassword" class="control-label col-xs-3">Password</label>
        <div class="col-xs-6">
            <input type="password" class="form-control" id="mypassword" placeholder="Password">
        </div>
    </div>
    <div class="form-group">
        <div class="col-xs-6">
        </div>
    </div>
    <div class="form-group">
        <div class="col-xs-offset-2 col-xs-24">
            <button type="submit" class="btn btn-primary">Login</button>
        </div>
    </div>
</form>
halfer
  • 19,471
  • 17
  • 87
  • 173
  • I think you forgot the $ on `db_name`. `mysql_select_db("db_name")` – takendarkk Feb 15 '14 at 15:17
  • Your `$_POST` array is obviously missing a `myusername` field which triggers the error. You need to check what post data reaches your script by using `var_dump($_POST)` at the beginning of your script. – brezanac Feb 15 '14 at 15:40
  • A couple of tips for good questions: first, please make titles descriptive of the problem, and avoid chatty messages such as "please help", "thanks" etc. They are generally redundant in questions anyway. Also, the question has mutated quite a lot in its lifetime as you've fixed one thing and another, and so now is probably too localised to be of help to anyone else. If you can keep one question per question, it increases the likelihood that it will be useful to other readers with the same problem. – halfer Feb 26 '14 at 14:22

3 Answers3

1

You are supposed to use a variable name for mysql_select_db not a literal string.

$host="127.0.0.1:3306"; // host name
$username="root"; // mysql usrname
$password=""; // mysql password
$db_name="mydb"; // db name
$tbl_name="user"; // table name

//Connect to server and select database
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db($db_name)or die(mysql_error()); // <-- $db_name instead of 'db_name'

//User name and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

if($count==1)
{   // register $myusername, $mypassword and redirect file to loginSuc.php
    session_register("myusername");
    session_register("mypassword");
    header("location:loginSuc.php");
}
else 
{
    echo "wrong username or password";
}
brezanac
  • 9,088
  • 4
  • 40
  • 58
  • thanks for the quick fixes everyone, i now have more issues on lines 13, 14 and 19 any idea on how to fix those? –  Feb 15 '14 at 15:25
  • Then please update the original question with additional issues you have. – brezanac Feb 15 '14 at 15:27
  • I am afraid you can only expect to get help with your problem and that doesn't include sex ;) – brezanac Feb 15 '14 at 15:31
  • i only just noticed that mistake, wasnt quick enough to change it! apologies haha –  Feb 15 '14 at 15:32
  • Just a side note, when you add information to your original post do not remove original content, just add what you have to add at the bottom of the post. Otherwise it will confuse people which didn't get the chance to read the original question. You can leave it as is this time. – brezanac Feb 15 '14 at 15:36
  • thanks for the advice, have managed to fix those errors and am now onto a new error but going to give it a go myself. thanks for the replies! –  Feb 15 '14 at 15:39
0

Here db_name should be $db_name

 mysql_select_db($db_name)or die(mysql_error());
0

i think this should work

<?php
$host="127.0.0.1:3306"; // host name
$username="root"; // mysql usrname
$password=""; // mysql password
$db_name="mydb"; // db name
$tbl_name="user"; // table name

//Connect to server and select databasemysql_connect
mysql_connect($host, $username, $password, $db_name) or die(mysql_error());

//execute when form is submit
if($_POST)
{   //set send data into variables
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];

//check if username have been set
    if(is_null($myusername) || empty($myusername))
    {  $alert = "Enter something!";
    }
    else if(isset($myusername))
    {    $sql="SELECT * FROM ".$tbl_name." WHERE username=".$myusername." and password=".$mypassword;
        $result=mysql_query($sql);

    //convert data into array
        $data = mysql_fetch_array($result);
    //check if array is not empty
        if($data)
        {   //goto this line if user exist
            //set or register `$myusername` to variable `username` in session
            $_SESSION['myusername']=$myusername;

            header("location:loginSuc.php");
        }
        else 
        {   $alert = "wrong username or password"; }
    }
}
?>

you can actually use $_SESSION['myusername'] and $_SESSION['mypassword'] to make a variables using session. - https://stackoverflow.com/a/3682629/3306059

also give those input a name (same to the one in your php code) so you can call them using $_POST

<form class="form-horizontal" method="post" action="checklogin.php">
    <div class="alert">
    <?php 
        if(isset($alert))
        {   echo $alert; }
    ?>
    </div>
    <div class="form-group">
        <label for="myusername" class="control-label col-xs-3">Username</label>
        <div class="col-xs-6">
            <input type="text" class="form-control" id="myusername" placeholder="Library card number" name="myusername">
        </div>
    </div>
    <div class="form-group">
        <label for="mypassword" class="control-label col-xs-3">Password</label>
        <div class="col-xs-6">
            <input type="password" class="form-control" id="mypassword" placeholder="Password" name="mypassword">
        </div>
    </div>
    <div class="form-group">
        <div class="col-xs-6">
        </div>
    </div>
    <div class="form-group">
        <div class="col-xs-offset-2 col-xs-24">
            <button type="submit" class="btn btn-primary">Login</button>
        </div>
    </div>
</form>
Community
  • 1
  • 1
shiro93
  • 1
  • 2
  • thanks for comment, unfortunately this brings up errors on line 12: Notice: Undefined variable: myusername in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 12 and Notice: Undefined variable: mypassword in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 12 –  Feb 15 '14 at 15:55
  • change your sql to `SELECT * FROM $tbl_name WHERE username=".$myusername." and password=".$mypassword;` – shiro93 Feb 15 '14 at 16:00
  • i now have another error on line 21 Parse error: syntax error, unexpected T_VARIABLE in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 21 which is SELECT * FROM $tbl_name WHERE username=".$myusername." and password=".$mypassword; –  Feb 15 '14 at 16:03
  • wait! your table name is wrong. use the same method i applied for variable username. are you still using the old code or the new ones with extra protection? – shiro93 Feb 15 '14 at 16:10
  • i'm using the code that you put above with the correction from the comments, but now im getting "Parse error: syntax error, unexpected T_VARIABLE in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 12" with line 12 being $sql=SELECT * FROM $tbl_name WHERE username=".$myusername." and password=".$mypassword"; –  Feb 15 '14 at 16:13
  • try `"SELECT * FROM ".$tbl_name." WHERE username=".$myusername." and password=".$mypassword;` without the double quote after mypassword. hope that works. – shiro93 Feb 15 '14 at 16:18
  • just about ready to give it up now, changed it to the above suggestion and have now got Notice: Undefined variable: myusername in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 11 and Notice: Undefined variable: mypassword in C:\wamp\www\HTML 5, CSS 3 & PHP\checklogin.php on line 11 with line 11 being $sql="SELECT * FROM ".$tbl_name." WHERE username=".$myusername." and password=".$mypassword; –  Feb 15 '14 at 16:21
  • right. your sql have got to go after **if** cause those are execute after you press **submit** or any button you got. else, you're just submiting empty variables. – shiro93 Feb 15 '14 at 16:27
  • youve been a brilliant help thanks! ive now got no errors but keep getting "wrong username or password" on the screen even when i have entered the correct username and password from the db into the log in form.. –  Feb 15 '14 at 16:40
  • you're welcome! check your `` and see if you name it correctly as your `$_POST['myusername']` and `$_POST['mypassword']`. can you upload the whole code? might be easier to check. ;) – shiro93 Feb 15 '14 at 16:47
  • thanks for having a go at this for me, much appreciated! ive changed the code to your suggested code and am getting an error with the php, the error is Fatal error: Can't use function return value in write context in C:\wamp\www\Code\checklogin.php on line 29 and its at $_SESSION("myusername")=$myusername; –  Feb 20 '14 at 14:37
  • you are welcome. woops, found a syntax error on that line. it should be `$_SESSION['myusername']=$myusername`. – shiro93 Feb 20 '14 at 15:34
  • now theres Parse error: syntax error, unexpected T_STRING in C:\wamp\www\Code\checklogin.php on line 31 on line 31 which is header("location:loginSuc.php"); i really hate php! –  Feb 23 '14 at 23:01
  • you really did copy and paste my codes didn't you. lol. found lots of error in my previous code. new ones posted and tested. if you found anymore error, you know where to find me. – shiro93 Feb 26 '14 at 12:06