Log in page in php

vamshi_hyd · February 24, 2013, 11:19am

hi i am new to php,i am creating php login page if user is log in successfully the page must redirect to another page if failed to log in i has to show error msg here is my code but some thing going wrong here pls help me


<?php

$username="root";
$password="******";
$hostname="localhost";

$dbhandle=mysql_connect($hostname,$username,$password);
$selected=mysql_select_db("ninepixel",$dbhandle);

$username=$_POST['username'];
$password=$_POST['password'];

$username=stripslashes($username);
$password=stripslashes($password);

$query="select * from users where username='$username' and password='$password'";
$result=mysql_query($query);

if(mysql_num_rows($result)==1){
header('location:userpage.php');
exit();
}
else{
header('location:signinform.php');
exit();
}

?>

rpkamp · February 24, 2013, 4:12pm

What is going wrong?
Don’t use the myql_ functions anymore, they are deprecated
Don’t use strip_slases for escaping params, it doesn’t always work as expected.

instead of mysql_ with strip_slashes I would recommend using PDO with prepared statements.

system · February 27, 2013, 5:03am

Hello,
i think you can use session for redirect login successful and login fail you are not using session.

system · February 27, 2013, 5:07am

Hi,
Please use this code:-
Database
MySQL admin table columns id, username, passcode.
CREATE TABLE admin
(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(30) UNIQUE,
passcode VARCHAR(30)
);
Config.php
Database configuration file.
<?php
$mysql_hostname = “hostname”;
$mysql_user = “username”;
$mysql_password = “password”;
$mysql_database = “database”;
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die(“Opps some thing went wrong”);
mysql_select_db($mysql_database, $bd) or die(“Opps some thing went wrong”);
?>
Login.php
Contains PHP and HTML code.
>?php
include(“config.php”);
session_start();
if($_SERVER[“REQUEST_METHOD”] == “POST”)
{
// username and password sent from Form
$myusername=addslashes($_POST[‘username’]);
$mypassword=addslashes($_POST[‘password’]);

$sql=“SELECT id FROM admin WHERE username=‘$myusername’ and passcode=‘$mypassword’”;
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row[‘active’];
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
session_register(“myusername”);
$_SESSION[‘login_user’]=$myusername;

header(“location: welcome.php”);
}
else
{
$error=“Your Login Name or Password is invalid”;
}
}
?>
<form action=“” method=“post”>
<label>UserName :</label>
<input type=“text” name=“username”/><br />
<label>Password :</label>
<input type=“password” name=“password”/><br/>
<input type=“submit” value=" Submit "/><br />
</form>

lock.php
Session verification. If no session value page redirect to login.php
<?php
include(‘config.php’);
session_start();
$user_check=$_SESSION[‘login_user’];

$ses_sql=mysql_query("select username from admin where username=‘$user_check’ ");

$row=mysql_fetch_array($ses_sql);

$login_session=$row[‘username’];

if(!isset($login_session))
{
header(“Location: login.php”);
}
?>

welcome.php

<?php
include(‘lock.php’);
?>
<body>
<h1>Welcome <?php echo $login_session; ?></h1>
</body>

logout.php
SignOut Destroy the session value.
<?php
session_start();
if(session_destroy())
{
header(“Location: login.php”);
}
?>
Please apply this code check what error in your code.

system · February 27, 2013, 8:23am

Please don’t use the above code. It’s nasty.

Celestia · February 27, 2013, 8:49am

This is just like my page looks

<form id=‘login’ action=‘login.php’ method=‘post’ accept-charset=‘UTF-8’>
<fieldset >
<legend>Login</legend>
<input type=‘hidden’ name=‘submitted’ id=‘submitted’ value=‘1’/>

<label for=‘username’ >UserName*:</label>
<input type=‘text’ name=‘username’ id=‘username’ maxlength=“50” />

<label for=‘password’ >Password*:</label>
<input type=‘password’ name=‘password’ id=‘password’ maxlength=“50” />

</fieldset>
</form>

system · February 27, 2013, 9:00am

@ aaarrrggh way you tell not use the code.