-2

So I'm really new to PHP and I'm trying to make a login form which, when the user enters a username and password as found in the database, will relocate them back to proj.php and will display 'welcome name'. I haven't added that code yet, as so far, when I use a correct username and password, it locates to login.php but does not relocate the user back to the homepage. Any help - much appreciated! I appreciate also that I might be missing some code... I haven't found anything that has worked so far.

Login.php

```php
//connection
$servername = "localhost";
$username = "root";
$password = "***";
$dbname = "login";

$conn = mysqli_connect($servername,$username,$password,$dbname);
if (!$conn) {die("connection failed; " . mysqli_connect_error());}

// Define $username and $password
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['dbusername']) || empty($_POST['dbpassword'])) {
        $error = "Username or Password is invalid";
    }
    else
    {
        // Define $username and $password
        $dbusername=$_POST['dbusername'];
        $dbpassword=$_POST['dbpassword'];

        // Create connection
        $conn = mysqli_connect($servername, $username, $password, $dbname);
        // Check connection
        if (!$conn) {
            die("Connection failed: " . mysqli_connect_error());
        }

        $result = mysqli_query("SELECT dbusername FROM login WHERE dbusername='$dbusername' and dbpassword='$dbpassword'", $conn);
        $count=mysqli_num_rows($result, $conn);
        $rows = mysqli_num_rows($query);
        if ($count == 1) {
            session_start();
            $_SESSION['dbusername']= $_POST('dbusername');
            header('Location: proj.php'); // Redirecting To Other Page
        } else {
            $error = "Username or Password is invalid";
        }
    }
}

?>
```

proj.php

```html
<div id="main>"
        <div id="login">
        <form class="navbar-form navbar-right" action="login.php" method="post" name="myForm" onsubmit="return validateForm()">
            <div class="form-group">
              <input type="text" placeholder="Username" class="form-control" name="username" id="name">
            </div>
            <div class="form-group">
              <input type="password" placeholder="Password" class="form-control" name="password" id="name">
            </div>
            <input type="submit" type=""name="submit" class="btn btn-success"></button>

          </form>
          <table border="0" cellpadding="10" cellspacing="1" width="500" align="center">

          <script>
```

Strawberry
  • add `exit();` after your `header('Location: proj.php');` function in *Login.php* file. – Rajdeep Paul Nov 12 '15 at 16:54
  • You should display error messages, this should show you some issues.. e.g. use mysqli_query like this: `mysqli_query($conn,"SELECT ...");`, also `mysqli_num_rows($result);` (without $conn).... also, `$rows = mysqli_num_rows($query);` seems odd to me, since there is no `$query` var available – Tanuel Mategi Nov 12 '15 at 16:54
  • 1
    besides the wrong name attributes, this will fail you ` – Funk Forty Niner Nov 12 '15 at 16:55
  • 1
    we also have no idea what this function does `validateForm()` and this will fail `$result = mysqli_query("SELECT...` as will `$count=mysqli_num_rows($result, $conn);` - Far too many things wrong with your code. – Funk Forty Niner Nov 12 '15 at 16:56
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 12 '15 at 17:00
  • 1
    You really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Nov 12 '15 at 17:00
  • *If it ever makes it out of the gate Sam* @JayBlanchard – Funk Forty Niner Nov 12 '15 at 17:00

1 Answer

0

This is what the script is looking for.

```php
// Define $username and $password
$dbusername=$_POST['dbusername'];
$dbpassword=$_POST['dbpassword'];
```

The inputs are wrongly named:

username should be dbusername

password should be dbpassword

```html
<input type="text" placeholder="Username" class="form-control" name="dbusername" id="name">

<input type="password" placeholder="Password" class="form-control" name="dbpassword" id="password">
```

Jah
  • 1
    you missed *quite* a few things. – Funk Forty Niner Nov 12 '15 at 16:55
  • 1
    ...and I mean quite a few. The OP will still be asking themselves questions, as she will "you". – Funk Forty Niner Nov 12 '15 at 17:03
  • lol, yeah it's a start – Jah Nov 12 '15 at 17:06
  • 1
    There are few too many things wrong with her code. It's one of those *OMG!!!* questions ;-) but yeah, "it's a start". – Funk Forty Niner Nov 12 '15 at 17:08
  • you can use this for guidance http://codingcyber.com/simple-login-script-php-and-mysql-64/ – Jah Nov 12 '15 at 17:16
  • Seeing I am getting notifications for each comment until someone else comes in the convo here; your link that you left, isn't a good one. It's totally unsafe and for many reasons. It's best you post it (or additional comments) under their question and not here. – Funk Forty Niner Nov 12 '15 at 17:20
  • yeah, but it's a start like I said. Someone needs to learn the basics. – Jah Nov 12 '15 at 17:21
  • This is 2015 and not 1995, remember that. A lot of water has gone under the bridge in 30 "years". Suggesting `mysql_` functions without escaping data, isn't good. What they should use is either `mysqli_` or PDO with a prepared statement, and a safe password hashing function such as `password_hash()`. That was posted in a few comments under her question. You should have a look at those also ;-) – Funk Forty Niner Nov 12 '15 at 17:24
  • you got me there, I'm just going back to my golden days :) – Jah Nov 12 '15 at 17:26
  • hahaha, yeah I'm a nostalgic kind of guy too, but when it comes to "coding" and using databases etc., then I have to remember that not only I, but my clients are also in "the 21st century", and MUST use 21st century technology ;-) *Cheers* – Funk Forty Niner Nov 12 '15 at 17:27
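
The fixes the comments call for (a prepared statement, `password_hash()` with `password_verify()`, and `exit` after the redirect), put together as an added example; it is not code from the question, the answer or any commenter. It assumes PDO with an in-memory SQLite table standing in for the MySQL `login` table so that it runs on its own; `check_login()` and the `dbpassword_hash` column are hypothetical names.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite table stands in for
// the MySQL `login` table; check_login() and dbpassword_hash are hypothetical names.

function check_login(PDO $pdo, string $user, string $pass): bool
{
    // The placeholder keeps user input out of the SQL text: it is bound as data.
    $stmt = $pdo->prepare('SELECT dbpassword_hash FROM login WHERE dbusername = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when the user does not exist

    // Only a hash is stored; password_verify() checks the submitted password against it.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data: one user whose password is stored with password_hash().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (dbusername TEXT PRIMARY KEY, dbpassword_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO login VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Constructed inputs: valid login, wrong password, and a username carrying
    // SQL syntax, which is compared as a literal string and matches no row.
    var_dump(check_login($pdo, 'alice', 'correct horse'));
    var_dump(check_login($pdo, 'alice', 'wrong'));
    var_dump(check_login($pdo, "alice' OR '1'='1", 'anything'));
}

// Form handler as it would sit in login.php (not reached from the CLI).
$error = '';
if (isset($_POST['submit'])) {
    $u = $_POST['dbusername'] ?? '';
    $p = $_POST['dbpassword'] ?? '';
    // is_string() rejects array-valued fields such as dbusername[]=x.
    if (is_string($u) && is_string($p) && check_login($pdo, $u, $p)) {
        session_start();
        session_regenerate_id(true); // new session id once the user is authenticated
        $_SESSION['dbusername'] = $u;
        header('Location: proj.php');
        exit; // stop here so nothing else runs after the redirect header
    }
    $error = 'Username or Password is invalid';
}
```

Against MySQL only the PDO connection string changes; the hash column should be wide enough for future algorithms (the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`).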