-2

I am relatively new to coding things in php and am looking for help with what I am doing wrong. I've been looking through this site for the last few hours and can't find anything that specifically answers my question. So any help would be greatly appreciated.

I am trying to make a really simple login to a page using only a password. It seems though I did something wrong. I made everything live on the ftp server and went to login to my members page.

UPDATED: Below is the final code that worked out for me.

Here is the code I put at the top of "members.php":

<?php
error_reporting(E_ALL);
    session_start();

    if(!isset($_SESSION['loggedin'])){
       header("location:login2.php");
    }
?>

That sends me to "login.php" which I can get to. Below is what my form code looks like on this page:

<form name="form1" method="post" action="checklogin.php">
        <label for="password">This Area Requires a Password:</label>
        <input name="password" type="text" id="password">
        <div id="lower">
         <input type="submit" name="Submit" value="Login">
        </div>
    </form>

Once someone enters the password (there is only one password), the submit/login button is supposed to take them to "checklogin.php" which then redirects them to "members.php". Unfortunately, that is not happening. It simply clears what I typed in the password box and stays on the same page (login.php) and I don't get any error messages.

Below is the code I have on "checklogin.php":

    <?php
error_reporting(E_ALL);
session_start();

$host=""; 
$username="";
$password="";
$db_name="";
$tbl_name="";

mysql_connect($host, $username, $password) or die("cannot connect"); 
mysql_select_db($db_name) or die("cannot select DB");

$mypassword=$_POST['password'];
$mypassword = stripslashes($mypassword);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

    $_SESSION["loggedin"] = "true";

    header("location:members2.php");

}
else {

    echo "Wrong Password";

}
?>

I took out the database login info for my sites security, but I did set up a table within the database that looks like this:

Database Table Image

So I'm not quite sure what I am missing, but that probably is because I'm rather new to it. Any help would be greatly appreciated and of course if you have any questions, please feel free to ask. Also, if anyone might suggest a way to encrypt the password, that would be great as well. Thank you.

Patrick
  • 7
  • 1
  • 8
  • Make sure the session_start()on every page this will start a session if the session is not started and it will resume it if it is already started – Jaylen Sep 21 '14 at 05:38
  • and make sure that you don't output ANYTHING before calling the header function. at the start of your script " – user1269942 Sep 21 '14 at 05:40
  • Mike, do I need to put that on the login.php page as well even though it is already sending that way? – Patrick Sep 21 '14 at 05:42
  • There are no spaces before the – Patrick Sep 21 '14 at 05:44
  • You don't need it on the login page unless you want to auto direct the user to member.php they they already logged in and went back to login.php – Jaylen Sep 21 '14 at 05:46
  • mysql is deprecated, use mysqli or PDO. Why are you using string interpolation for your DB credentials ? Using the variables directly will work just fine. –  Sep 21 '14 at 06:21
  • it shouldn't be `or die();` it should be in a separate line. jut `die();` – Himal Sep 21 '14 at 06:55
  • What's happening now ? still redirecting to loginpage ? also you have a extra `
    ` in your html
     – Himal Sep 21 '14 at 07:00
  • @Himal Yes it is still going there. Ah yes. Just a slip of the eyes. I have taken that out now and will update the above code. – Patrick Sep 21 '14 at 07:01
  • Have you removed the extra `
    ` tag ? you might wanna learn basic html, php stuff before going into this type of stuff.
     – Himal Sep 21 '14 at 07:02
  • @Himal my bad. I do understand html and am very green at php. Thus why I'm asking for a bit of help here. I removed the extra form tag and now when I try to login it sends me to a page with just... array(2) { ["password"]=> string(11) "moaofficial" ["Submit"]=> string(5) "Login" } on it. – Patrick Sep 21 '14 at 07:05
  • Now, remove the `var_dump();` and `die();` parts and see what happens. – Himal Sep 21 '14 at 07:07
  • It wasn't the only mistake.your code didn't even post to the correct page(checklogin.php) becasue of the extra `
    ` tag remember ?.i don't care about internet points, just wanted to let you know that since it looks like you didn't even understood what was causing your problem.if you have a new issue you should create a new question instead so it won't look like my answer was irrelevant.
     – Himal Sep 23 '14 at 01:51
  • Don't ever tell me you haven't over looked the simplest of pieces of code before. I do understand code when it comes to html, css, and others. I changed the answer checkmark due to the fact that it still didn't work with your modifications (including the deleting of the
    – Patrick Sep 23 '14 at 02:18
  • 1
    EVERYTHING is wrong here, everything. Please never use this code, delete it and hire a professional or learn PHP and security basics for some years. Seriously. You'll bring yourself in horrible security issues with this. – Sliq Sep 23 '14 at 02:19
  • @Panique In our case, were not really worried about security. Just enough to deter someone from getting to a certain page, but yet make it look and work well. Nothing on the page it is logging into is worth anything to anybody other than the ones with the password. – Patrick Sep 23 '14 at 02:25
  • According to [This Comment](http://stackoverflow.com/questions/25956102/what-is-wrong-with-my-php-login-code?noredirect=1#comment40638638_25956102) it was totally different than your original question(mysql_connect warnings) plus the selected answer didn't even address that.i don't want to repeat myself and this will be my last response to this thread. – Himal Sep 23 '14 at 02:26
  • @Himal My question never concerned connect warnings??? So thank you, but goodbye. – Patrick Sep 23 '14 at 02:29
  • 1
    @Patrick The thing is, the code shows that you are really doing everything wrong, in a horrible way. If you really have no idea what you do, DONT DO IT. It's a questions of milliseconds to take over your server and use it for criminal actions. Dont put this on the web. Go to university and learn PHP for 5 years, THEN build applications. Also, why don't you do a simple google research ? I'll never understand that. 100.000 people before you have build login systems. – Sliq Sep 23 '14 at 03:30

2 Answers2

0

Why are you storing the password in session? If you want to store it is session then at the page check login.php do this Start_session(); $_session['mypassword'] = $_post['password'];

i would not store a password in a session. You can do something like instead $mypass = $_post['password'];

Then create. Session variable and only set it if the user is authenticated.

If the $mypass was found in the database then do Start_session(); $_session['autherized'] = true;

On the rest of the pages you can go on the very top before my echo statement do this Sesaion_start(); If(!isset($_session['autherized']) || ($_session['autherized'] !== true){ Header('location: login.php'); Exit(); } You can review this link for a tutorial on how to create a simple loging pages

http://www.devarticles.com/c/a/PHP/PHP-for-Beginners-by-a-Beginners/

Sorry about any typo/format I am using my iPhone so it is hard to type

Jaylen
  • 39,043
  • 40
  • 128
  • 221
  • I'm not sure I can accurately answer why I would want to store it in session. I thought it was needed there (like when a username goes there) in order to stay logged in. Is there a better way to do that or shouyld I say a correct way of going about that? Again, forgive me as I'm really green to php – Patrick Sep 21 '14 at 05:49
  • I revised my answer to give you a different approach – Jaylen Sep 21 '14 at 05:56
  • Sorry Mike. I'm a little lost with what to do with $mypass ? Where am I putting in regards to the code and what does it have to do in the database? – Patrick Sep 21 '14 at 06:15
  • $mypass will be a variable that contains the typed password. So u use that in the login.php page to check the password in the database. – Jaylen Sep 21 '14 at 06:26
0

Your approach is either right or wrong I just correcting it so it works for you.

I hope it will work for you as I have tested it in my PC.

Login.php

checklogin.php

members.php

Indrasinh Bihola
  • 2,094
  • 3
  • 23
  • 25
  • Worked Perfectly. Thank you. You caught my typo in the code in the line... $mypassword=$_POST['mypassword']; and changed it to $mypassword=$_POST['password'] Much Appreciation for your help. – Patrick Sep 23 '14 at 01:25