0

I'm trying to follow this tutorial on writing a registration/login script - tutorial

I've changed the deprecated functions to what I've found on the web, but when inputing the right login details this is what i get - screenshot

I suppose it should take me to the main_login.php and say "Login Successful". What am I doing wrong?

main_login.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

checklogin.php

<?php
session_start();
ob_start();

$host="localhost"; // Host name 
$username="lowheigh_user"; // Mysql username 
$password="1234"; // Mysql password 
$db_name="lowheigh_phplogin"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
//if (!isset($_SESSION[$myusername]))
$_SESSION['myusername'] = $myusername;
//if (!isset($_SESSION[$mypassword]))
$_SESSION['mypassword'] = $mypassword;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

login_success.php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page. 
<?PHP
session_start();
if (!isset($_SESSION['myusername'])) {
    header('location:main_login.php');
}

?>
<html>
    <body>
        Login Successful
    </body>
</html>
virmantas
  • 63
  • 1
  • 1
  • 4
  • 2
    _I've changed the deprecated functions_ No, you [haven't](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). – The Blue Dog May 25 '14 at 18:33
  • Then I might have missed some more which I have no idea of. I have changed the session_register and session_is_registered ones. – virmantas May 25 '14 at 18:36
  • Click the link in my comment, mysql_* functions are deprecated. – The Blue Dog May 25 '14 at 18:36
  • it does connect to my database on my server using PHP Version 5.4.24 though. is it worth changing it? – virmantas May 25 '14 at 18:41
  • Yes, those functions will not exist in PHP for much longer. – The Blue Dog May 25 '14 at 18:42
  • Are the new ones going to work on my version? sorry for such a rookie question – virmantas May 25 '14 at 18:45
  • Yeah, sure they will. Mysqli has been around since PHP 5.0.7, better still use PDO. – The Blue Dog May 25 '14 at 18:47
  • After this line: $count=mysql_num_rows($result); add: var_dump('count: '.$count, $sql, $result); you should get a count of 1, the SQL, that is executed, and some 'status' information. If you get zero and/or 'false' then your query has failed. Check that the sql is what you expect and works in 'phpmyadmin' or some such tool. – Ryan Vincent May 25 '14 at 20:12

1 Answers1

1

Your php comments are outside of php on login_success.php. Change:

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page. 
<?PHP
....

to this:

<?PHP
// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page. 
....
Mark Miller
  • 7,442
  • 2
  • 16
  • 22
  • Thanks for pointing that out for me, but that doesn't solve my problem. The code is supposed to take me back to the main_login.php and say "Login Successful" on there, isn't it? – virmantas May 25 '14 at 18:44
  • @virmantas No, according to your code, and the tutorial you linked, when a login is successful it should go to `login_success.php` and print "Login Successful". This page is the "members only" page, and your script is working correctly if the user is directed here after successfully logging in. `main_login.php` is only used as the login page, which calls `checklogin.php`, which on success goes to `login_success.php`, or on failure prints an error. I think after fixing the comments, your program should be working as expected. – Mark Miller May 25 '14 at 22:00