Following is the code for a LOGIN page using HTML & PHP. The problem I am facing is that, even after submitting correct information, login fails. Is there any problem with the query I used?

<html>
<head>
    <title>login</title>
    <link rel="stylesheet" href="css/insert.css" />
</head>
<body>
    <div class="maindiv">
    <!--HTML form -->
        <div class="form_div">


            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">  <!-- method can be set POST for hiding values in URL-->
                <h2>Login Form</h2>


                <label>Email:</label><br />        
                <input class="input" type="email" name="mail"    />
                <br />
                <label>Password:</label><br />        
                <input class="input" type="text" name="pass"    />
                <br />



                <input class="submit" type="submit" name="submit"    value="Login" />   

PHP

   //Selecting Database from Server
   $db = mysql_select_db("tanni", $connection);
   if(isset($_POST['submit'])){

      //Fetching variables of the form which travels in URL
      $mail = $_POST['mail'];
      $pass = $_POST['pass'];

      if($mail!=''&&$pass!=''){
         $query=mysql_query("SELECT* FROM user WHERE mail='".$mail."' and   pass='".$pass."'") or die(mysql_error());
         $res=mysql_fetch_row($query);
        if($res){
           $_SESSION['mail']=$mail;
        }else {
               echo'You entered username or password is incorrect';
        }
     }else{
               echo'Enter both username and password';
     }
  }

    //Closing Connection with Server
    mysql_close($connection);
?>                  
            </form>
        </div>
        <div class="formget"><a href=http://www.formget.com/app><img  src="formget.jpg" alt="Online Form Builder"/></a>
        </div>
    </div>
   </body>
 </html>

What is the problem in the code?

Hamza Zafeer
sat
  • You tell us. What is the problem? How does login fail? Exception? Just rejected? What do _you_ think is causing it? – Mad Physicist Mar 18 '16 at 13:33
  • Use `mysql_num_rows()` to check the number of rows returned from your query instead of `mysql_fetch_row`, and `mysql` is deprecated; use `mysqli` or `PDO` instead – Saty Mar 18 '16 at 13:35
  • It always shows the error saying incorrect result! Which is supposed to happen when if($query) gets false. – sat Mar 18 '16 at 13:35
  • yes but not solved yet – sat Mar 18 '16 at 13:56

1 Answer

You need a space between SELECT and * at `SELECT* FROM`

Your query would be

SELECT * FROM user WHERE...

Use mysql_num_rows() to check the number of rows returned from your query instead of mysql_fetch_row

mysql is deprecated; use mysqli or PDO instead

You need to start the session at the top of your page

session_start();

Don't store plain passwords in the database; use a password hashing technique

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/faq.passwords.php

Your code is open to SQL injection; read

How can I prevent SQL injection in PHP?

Your whole code would be

<?php

session_start();
//Establishing Connection with Server
$connection = mysql_connect("localhost", "root", "");

//Selecting Database from Server
$db = mysql_select_db("tanni", $connection);
if (isset($_POST['submit'])) {

    //Fetching the form variables sent in the POST body
    $mail = $_POST['mail'];
    $pass = $_POST['pass'];

    if ($mail != '' && $pass != '') {
        $query = mysql_query("SELECT * FROM user WHERE mail='" . $mail . "' and   pass='" . $pass . "'") or die(mysql_error());
        //Counting the rows matched by the query
        $res = mysql_num_rows($query);
        if ($res == 1) {
            $_SESSION['mail'] = $mail;
        } else {
            echo'You entered username or password is incorrect';
        }
    } else {
        echo'Enter both username and password';
    }
}

//Closing Connection with Server
mysql_close($connection);
?> 
Community
Saty
  • Fatal error: Call to undefined function start_session() – sat Mar 18 '16 at 13:57
  • ahh my bad it's `session_start();` not `start_session()` – Saty Mar 18 '16 at 13:58
  • Well, but after the correction the warning is as follows: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\tanni\login.php:13) in C:\xampp\htdocs\tanni\login.php on line 29 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\tanni\login.php:13) in C:\xampp\htdocs\tanni\login.php on line 29 You entered username or password is incorrect – sat Mar 18 '16 at 14:01
  • Write session_start(); at the top of the page, always. – Saty Mar 18 '16 at 14:03
  • check http://stackoverflow.com/questions/8812754/cannot-send-session-cache-limiter-headers-already-sent and http://stackoverflow.com/questions/21521768/warning-session-start-cannot-send-session-cookie-headers-already-sent-by – Saty Mar 18 '16 at 14:06
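
The credential check with the two hardening steps the answer points to (a prepared statement instead of string concatenation, and a stored password hash instead of a plain password), as an added example that is not code from the question or the answer. It assumes PDO with the SQLite driver, using an in-memory database in place of the MySQL `tanni` database; it keeps the page's `user` table with `mail` and `pass` columns, and the sample accounts are constructed.

```php
<?php
// Added example, not the asker's or answerer's code. Assumptions: PDO with the
// SQLite driver; an in-memory database stands in for the MySQL "tanni" database.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (mail TEXT PRIMARY KEY, pass TEXT NOT NULL)');
    // Constructed sample accounts. Only the password hash is stored.
    $insert = $pdo->prepare('INSERT INTO user (mail, pass) VALUES (?, ?)');
    $insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $insert->execute(["o'neil@example.com", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns true only when the mail exists and the password matches its hash.
function check_login(PDO $pdo, string $mail, string $pass): bool
{
    // The placeholder keeps user input out of the SQL text, so a quote in
    // $mail is treated as data and cannot alter the query.
    $stmt = $pdo->prepare('SELECT pass FROM user WHERE mail = ?');
    $stmt->execute([$mail]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

$pdo = open_demo_db();

// Constructed inputs: a valid login, a wrong password, an unknown address, and
// an address containing a quote, which breaks the concatenated query.
$attempts = [
    ['alice@example.com', 'correct horse'],
    ['alice@example.com', 'wrong'],
    ['nobody@example.com', 'correct horse'],
    ["o'neil@example.com", 'battery staple'],
];
foreach ($attempts as [$mail, $pass]) {
    // In the real page: call session_start() before any output, and set
    // $_SESSION['mail'] only when check_login() returns true.
    echo str_pad($mail, 22), check_login($pdo, $mail, $pass) ? "accepted\n" : "rejected\n";
}
```

The same `prepare`/`execute` calls work unchanged against MySQL when the PDO connection string is switched to the `mysql:` driver.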