0

Here is my code: I have started the session at the top of the page index.php already ` 

if(isset($_POST['btsubmit'])){
    $username=$_POST['txtname'];
    $password=$_POST['txtpass'];
    $sql="SELECT * FROM tbuser WHERE AccountName='$username' AND Password='$password'";  
    $query=mysql_query($sql) or die(mysql_error());

    if($username="" or $password=""){
        echo"Your box is empty";
    }else{      
        if($row = mysql_fetch_array($query)){
            $_SESSION['AccountName']= $row['AccountName'];
            header("Location: welcome.php");
            exit();
        }else{
            echo "fail";
        }

    }
}

?>` When I login success, it does not redirect to the page welcome.php, it stays at index.php the same. Any help would be appreciated. Thanks..

Tepken Vannkorn
  • 9,648
  • 14
  • 61
  • 86
  • Is it possible that your session isnt working, and you are redirected to welcome but then straight back to index? – TJHeuvel Jul 27 '11 at 11:59
  • 1
    You need to use `session_start()` on the file which has the above code, and on `welcome.php` right after ` – Shef Jul 27 '11 at 12:04
  • 1
    @tepkenvannkorn **Offtopic** Also you should put `limit 1` at the end of your query or check for multiple users when the result is back. – Lawrence Cherone Jul 27 '11 at 12:10

2 Answers2

5

I think this is because of your if condition if($username="" or $password=""){ This should be == instead of =. Because of this, it never goes to the else part of the code. Alse, is it your actual code ? You are first making DB query and after that checking if username/password input was empty.

Probably you should first check if both inpts are not empty then you should make query, and if the query is successful, then you should redirect to the welcome page.

Roman
  • 3,764
  • 21
  • 52
  • 71
1

First off, Don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

To build on my comment:

<?php
    $con=mysql_connect("localhost","root","");
     mysql_select_db("myphone",$con);

    if(isset($_POST['btsubmit'])){
        $username=(!empty($_POST['txtname']))?mysql_real_escape_string($_POST['txtname']):false;
        $password=(!empty($_POST['txtname']))?mysql_real_escape_string($_POST['txtpass']):false;
        if($username===false || $password===false){die('Username or password is blank!');}

        $sql="SELECT AccountName FROM tbuser WHERE AccountName='$username' AND Password='$password' LIMIT 1";  
        $query=mysql_query($sql);
        if(mysql_num_rows($query)==1){
            $row = mysql_fetch_assoc($query);
            $_SESSION['AccountName']=$row['AccountName'];
            $_SESSION['LoggedIn']=TRUE;
            header("Location: ./welcome.php");
            exit();
        }else{
             echo "Fail";
        }  
    }              
?>
Lawrence Cherone
  • 46,049
  • 7
  • 62
  • 106