php - login script redirects user no matter what -

-

i'm making login page website connects mysql database stores login details. when submit form redirects information regardless of whether or not login valid. i'm confused wrong.

my form:

<form name="login" action="edit_profile/index.php" method="post"> //redirects page regardless of has been submitted     <fieldset>         <legend>please enter login details</legend>         <label for="username">username</label>         <input id="username" name="username" type="text" value="" required/><br>          <label for="password">password</label>         <input id="password" name="password" type="password" value="" required/><br>         <input type="submit" value="submit"/>     </fieldset>

the php script:

<?php require_once "connectdb.php";?> <?php     if(isset($_post["submit"])){         $username=$_post["username"];         $password=$_post["password"];          $query=mysql_query("select * login_details username='".$username."'and password='".$password."'");         $numrows=mysql_num_rows($query);     if($numrows!=0) {          while($$row=mysql_fetch_asoc($query)) {             $dbusername=$row["username"];             $dbpassword=$row["password"];         }          if($user == $dbusername && $pass == $dbpassword) {             session_start();             $_session["user_session"]=$user;             echo "<pre>";             print_r($_session);             echo '</pre>';             }         } else {             echo "invalid username or password!"; //does not echo         } } ?>

there few things wrong code.

one of conditional statement

if(isset($_post["submit"])){...}

your submit button not bear name attribute

<input type="submit" value="submit"/>

modify read as

<input type="submit" name="submit" value="submit"/>

then while($$row remove 1 of $

and mysql_fetch_asoc has typo, should read mysql_fetch_assoc

while($row=mysql_fetch_assoc($query))

plus, posted code seems missing closing </form> tag.

  • you should check action , make sure indeed right url php.

  • you should space out and in username='".$username."'and may cause issue username='".$username."' and, just in case.

then have line:

if($user == $dbusername && $pass == $dbpassword)

$user , $pass @ point undefined, may have wanted use $username , $password respectively.

add error reporting top of file(s) find errors.

<?php  error_reporting(e_all); ini_set('display_errors', 1);  // rest of code

sidenote: error reporting should done in staging, , never production.

  • also add or die(mysql_error()) mysql_query().

footnotes:

i noticed may storing passwords in plain text. if case, highly discouraged.

i recommend use crypt_blowfish or php 5.5's password_hash() function. php < 5.5 use password_hash() compatibility pack.

your present code open sql injection. use mysqli prepared statements, or pdo prepared statements. password storage, use crypt_blowfish or php 5.5's password_hash() function. php < 5.5 use password_hash() compatibility pack.


Comments

Post a Comment

Popular posts from this blog

java - Ebean enhancement ignores a model -

-
we using avaje-agentloader enhance our ebeans. ebeans in same package. including loader, agent & base ebean library in our project (via sbt): "org.avaje" % "avaje-agentloader" % "1.1.2", "org.avaje.ebeanorm" % "avaje-ebeanorm" % "4.5.5", "org.avaje.ebeanorm" % "avaje-ebeanorm-agent" % "4.5.2", however, when loader runs enhancement, skips 1 ebean. each ebean annotated @entity , extends com.avaje.ebean.model . there seem no differences between ones enhanced , 1 not. there no includes, or extends, etc. basically, i'm wondering if has run across issue in past, or has insights. things we've tried: specifying actual classes enhanced via serverconfig.setclasses(...) specifying pakages analyse/enhance via serverconfig.addpackage(...) or setpackages(...) not specifying @ , having loader analyse all. we've set break-point @ transformer.transform , bean in questio...
Read more

ubuntu - How to disable Kernel Module Signing in linux -

-
i'm working real time scheduler developed @ university , when run "module verification failed: signature and/or required key missing - tainting kernel". i've learned might because of kernel module signing. possible dissable on ubuntu? i'm using ubuntu vmplayer. module signing enabled within kernel configuration file starting kernel version 3.7, can disable running make menuconfig within kernel source directory , deselecting module signature verification option within enable loadable kernel module menu option. after have recompile kernel.
Read more

SQL php on different pages to Insert (mysqli) -

-
i have piece of php code, works when placed on index page ( index.php ), nothing if put in page, i.e. add.php for example: having code add.php page, tried go to: www.myhost.com/add.php , nothing happen. if copy code index.php , go page www.myhost.com/index.php add row in sql table. why that? <?php $server="mysql.server.com"; $user="randomusr"; $pass="randompwd"; $db="randomdb"; $link=mysqli_connect($server, $user, $pass, $db); $result=mysqli_query($link,"select * `battery` `id`"); $query = "insert battery (id,type,owner,charge,time) values ('1','lily002','maisnow','15','2015-04-22 17:20:28')"; mysqli_query($link, $query); header("location: index.php"); //this 1 comment out when copied index.php ?> l # name type collation attributes null 1 id int(16) no ...
Read more