0

Index file:

```html
/*<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>

 <title>SMB Login</title>


</head>

<body>
<form name="form1" method="post" action="checklogin.php">
 -------begin -----
                <div class="panel-body">
                    <form accept-charset="UTF-8" role="form">
                    <fieldset>
                        <div class="form-group">
                            <input class="form-control" placeholder="E-mail" name="email" type="text" id="username">
                        </div>
                        <div class="form-group">
                            <input class="form-control" placeholder="Password" name="password" type="password" value="" id="password">
                        </div>
                        <div class="checkbox">
                            <label>
                                <input name="remember" type="checkbox" value="Remember Me"> Remember Me
                            </label>
                        </div>
                        <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                    </fieldset>
                    </form>
   ----------etc
```

The above script is my HTML code for the login page. I have added the below PHP script for login. But every time, I'm getting "user name password is wrong" though I'm entering the right one.

checklogin.php --> source code

```php
<?php

ob_start();
$host="mysql"; // Host name 
$username="admin"; // Mysql username 
$password="XXX"; // Mysql password 
$db_name="members_smb"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
*/
```

Please suggest where I'm going wrong?

A J
  • Which error occurs? @Arun Sunderraj – Mayank Vadiya Jan 11 '16 at 05:12
  • What is `$count`? Any errors thrown? Is your HTML page really completely commented out? You should format your code a bit more. – chris85 Jan 11 '16 at 05:19
  • Did you check `$sql` has proper values? – AddWeb Solution Pvt Ltd Jan 11 '16 at 05:21
  • Also, as nobody has mentioned this, I will. **DON'T** use the `mysql_*` extension anymore. Use the [`mysqli_*` extension](http://php.net/manual/en/book.mysqli.php) or the [PDO extension](http://php.net/manual/en/book.mysqli.php), as `mysql_*` is deprecated and deleted in PHP 7.0. Also, what you need to do is use [prepared statements](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) when handling user input; here your code is open to SQL injection. And I think you don't want some 12 year old kid who found a malicious SQL query to ruin your whole website/database. – BRoebie Jan 11 '16 at 08:56

1 Answer

2

In your SQL string you are inserting $username and $password but those variables don't exist. You have $myusername and $mypassword.

Change to:

```php
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
```

There is a lot more wrong with your code but this is the crux of your issue.
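
As an added example (not part of the original answer or the asker's code), here is one way `checklogin.php` could look with the PDO prepared statements recommended in the comments, with the database credentials and the submitted values kept in distinctly named variables so the mix-up above cannot happen. It assumes the `password` column stores `password_hash()` output and that the form's user field is named `username`; the `$db*` and `$form*` variable names are illustrative.

```php
<?php
// Added example: checklogin.php rewritten with PDO prepared statements.
// Assumptions (not from the original post): the password column holds
// password_hash() output, and the form's user field is named "username".
session_start();

// Database credentials use a db* prefix so they cannot be confused with
// the values submitted by the user.
$dbHost = 'mysql';
$dbUser = 'admin';
$dbPass = 'XXX';            // placeholder, as in the question
$dbName = 'members_smb';

// Submitted values; each key must match the form input's name attribute
// (the form in the question names the user field "email").
$formUser = $_POST['username'] ?? '';
$formPass = $_POST['password'] ?? '';
if (!is_string($formUser) || !is_string($formPass)
    || $formUser === '' || $formPass === '') {
    exit('Wrong Username or Password');
}

try {
    $pdo = new PDO("mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4",
        $dbUser, $dbPass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    // The user value is bound as a parameter, never interpolated into SQL.
    $stmt = $pdo->prepare(
        'SELECT username, password FROM members WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $formUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('login query failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Login is temporarily unavailable');
}

// Verify against the stored hash; the password never appears in the query.
if ($row !== false && password_verify($formPass, $row['password'])) {
    session_regenerate_id(true);    // fresh session id after login
    $_SESSION['username'] = $row['username'];
    header('Location: login_success.php');
    exit;
}
echo 'Wrong Username or Password';
```

`$_SESSION` replaces `session_register()`, which was removed in PHP 5.4, and only the username is stored in the session, not the password.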