Jump to content
xisto Community
Sign in to follow this  
contactskn

A Php Login Logout Problem Dear friends please help me out.

Recommended Posts

Dear friends I have wrote some login logout programs but resulted in errors. Please help me. The name of the table is ‘matri’ which includes the fields named as ‘usern’ and ‘passw’. 

The files are checklogin.php



// Define $myusername and $mypassword 
$myusername=$_POST[\'myusername\']; 
$mypassword=$_POST[\'mypassword\']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql=\"SELECT * FROM matri WHERE usern=\'$myusername\' and passw=\'$mypassword\'\";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file \"login_success.php\"
session_register(\"myusername\");
session_register(\"mypassword\"); 
header(\"location linenums:0'><?phpob_start();// Connect to server and select databse.include \'connect.php\';// Define $myusername and $mypassword $myusername=$_POST[\'myusername\']; $mypassword=$_POST[\'mypassword\']; // To protect MySQL injection (more detail about MySQL injection)$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql=\"SELECT * FROM matri WHERE usern=\'$myusername\' and passw=\'$mypassword\'\";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file \"login_success.php\"session_register(\"myusername\");session_register(\"mypassword\"); header(\"location:login_success.php\");}else {echo \"Wrong Username or Password\";}ob_end_flush();?>
The second file is login.php
  .\"AND `passw`=PASSWORD(\'\".$_POST[\"password\"].\"\') \"
  .\"LIMIT 1\";
 // Run query
 $r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION[\"valid_id\"] = $obj->id;
  $_SESSION[\"valid_user\"] = $_POST[\"username\"];
  $_SESSION[\"valid_time\"] = time();

  // Redirect to member page
  Header(\"Location linenums:0'><?phpsession_start();// dBase fileinclude \"connect.php\";if ($_GET[\"op\"] == \"login\") { if (!$_POST[\"username\"] || !$_POST[\"password\"])  {  die(\"You need to provide a username and password.\");  }  // Create query $q = \"SELECT * FROM `matri` \"  .\"WHERE `usern`=\'\".$_POST[\"username\"].\"\' \"  .\"AND `passw`=PASSWORD(\'\".$_POST[\"password\"].\"\') \"  .\"LIMIT 1\"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) )  {  // Login good, create session variables  $_SESSION[\"valid_id\"] = $obj->id;  $_SESSION[\"valid_user\"] = $_POST[\"username\"];  $_SESSION[\"valid_time\"] = time();  // Redirect to member page  Header(\"Location: members.php\");  } else  {  // Login not successful  die(\"Sorry, could not log you in. Wrong login information.\");  } }else {//If all went right the Web form appears and users can log in echo \"<form action=\\\"?op=login\\\" method=\\\"POST\\\">\"; echo \"Username: <input name=\\\"username\\\" size=\\\"15\\\"><br />\"; echo \"Password: <input type=\\\"password\\\" name=\\\"password\\\" size=\\\"8\\\"><br />\"; echo \"<input type=\\\"submit\\\" value=\\\"Login\\\">\"; echo \"</form>\"; }?>
The next file is login_success.php
// Check if session is not registered , redirect back to main page. // Put this code in first line of web page. <? session_start();if(!session_is_registered(myusername)){header(\"location:login.php\");}?><html><body>Login Successful</body></html>



And the last file is logout.php

// Put this code in first line of web page. <? session_start();session_destroy();?>
Please help me as I run the login.php it shows the error 

“Sorry, could not log you in. Wrong login information.”


and I am not getting why please help me out to rectify this error. 
Thank you in advance. 

Notice from truefusion:
Switched QUOTEs to CODEBOXes and CODE

Edited by truefusion (see edit history)

Share this post


Link to post
Share on other sites

Looking at your code i will have to ask you something: Did you escape all quotation marks, whether double or single? Or was it the forum doing that since the code was placed within QUOTE bbcode?If it was you, then you're not supposed to escape them everywhere; you're only supposed to escape them when they conflict with each other within a string. See if that is causing problems. But if the original code doesn't have all those quotation marks escaped, then it would be due to a database error, since that condition of the script is supposed to give out that warning if mysql_fetch_object($r) returned FALSE or returned nothing. Since you have the @ operator, in PHP that is supposed to suppress any error messages, therefore returning nothing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.