Login PhP Script

Question

So I've been trying to Get my Validation script for my login to Work.

Here's The Code:

  <?php
   ob_start();
   $host="localhost"; // Host name 
   $username="***"; // Mysql username 
   $password="***"; // Mysql password 
   $db_name="**"; // Database name 
   $tbl_name="**"; // Table name 

    // Connect to server and select databse.
   mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
   mysql_select_db("$db_name")or die("cannot select DB");

   // Define $myusername and $mypassword 
   $myusername=$_POST['username']; 
   $mypassword=$_POST['password']; 

   // To protect MySQL injection (more detail about MySQL injection)
   $myusername = stripslashes($myusername);
   $mypassword = stripslashes($mypassword);
   $myusername = mysql_real_escape_string($myusername);
   $mypassword = mysql_real_escape_string($mypassword);

   $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and     password='$mypassword'";
   $result=mysql_query($sql);

   // Mysql_num_row is counting table row
   $count=mysql_num_rows($result);

   // If result matched $myusername and $mypassword, table row must be 1 row
   if($count==1){

   // Register $myusername, $mypassword and redirect to file "login_success.php"
      session_register("myusername");
      session_register("mypassword"); 
      echo "Welcome $myusername";
      header("location:../htdocs/home.php");
      exit();
   }
   else {
      echo "Wrong Username or Password";
   }
   ob_end_flush();
?>

What's weird is that if I entered credentials not in My Database it does return that they are incorrect. But If they are correct it doesn't redirect me to home.php

Probably because the path `header("location:../htdocs/home.php");` is wrong. Tried `header("location:/home.php");`? — j08691, Jun 18 '14 at 17:23
Sidenote: [`session_register()`](http://www.php.net//manual/en/function.session-register.php) --- *"This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0."* — Funk Forty Niner, Jun 18 '14 at 17:25
Where did you learn to use `session_register`? If it was from a tutorial, it's very out of date. — gen_Eric, Jun 18 '14 at 17:26
FYI, `stripslashes` and `mysql_real_escape_string` do not protect against injection. Also, the obligatory `mysql_*` functions are deprecated [link](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). — The Blue Dog, Jun 18 '14 at 17:37
Should use `mysql_set_charset()` after connecting and for `mysql_real_escape_string()` to work as expected. — Daniel W., Sep 19 '14 at 12:27

score 1 · Answer 1 · edited Sep 19 '14 at 12:27

1

The code is very bad, would suggest you dont use it. As for the problem the SQL function you are using is wrokg.

replace $result=mysql_query($sql); with $result=mysql_fetch_array($sql);

as for the if($count==1){ change to if($result){

That should resolve your issue, also at the end of the SQL statement add LIMIT 1

edited Sep 19 '14 at 12:27

Mad Angle

2,347
1
15
33

answered Sep 19 '14 at 12:05

Christopher Shaw

763
6
19

Login PhP Script

1 Answers1