PHP - My Login Menu Is Almost Working There Is Just One Problem

I am totally new in PHP, can anyone help me with this problem:

Login Button is not working after clicking this button this should print a echo message.
 

<from action="" method="POST">

<input type="text" placeholder="username"> <br>

<input type="password" placeholder="Password"><br>

<input type="submit" name="login" value="Login"> 

</from> 

<?php if ( isset($_POST['login'])){

echo "hissssssssssssssssssss"; 

} 

?>

 

Hello all,

I'm new to any kind of coding, but I recently graduated college with an English degree and decided to try to become a technical writer, but quickly realized I would need to learn some basic coding to publish stuff as many companies are moving away from paper.  Anyway, that's the background to why I'm about to ask a really simple question:

I wrote a login script, and it rejects people correctly who don't have the correct credentials, and it accepts the people that do, but while the failed attempts send the appropriate alert (the alert also pops up when u first open the page, which if you all can figure out why and stop it, that would be awesome, but its not the main problem), for those who do log in it does not send them to the link that I'm trying to send them to upon log in.  Instead, they stay on the same page, but the login text boxes are gone.  Any help would be appreciated, thanks.  Here is the code:
<html>
<body style="background-color:rgb(240,230,200);font-family:Times;font-size:110%;">
<p style="text-align:center;font-family:Arial;font-size:250%"> ///text removed for privacy///</p>
<p style="text-align:center;font-family:Arial;font-size:200%"> ////text removed for privacy </p>
<CENTER><img src="////removed for privacy/////" width="700" height="500"/></Center>
<p style="text-align:center;"> To access the site, please use enter your User ID and Password. </p>
<center>
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php
session_start();
include("passwords.php");
if ($_POST["ac"]=="log") { 
     if ($USERS[$_POST["username"]]==$_POST["password"]) {
          $_SESSION["logged"]=$_POST["username"];
     } else {
          echo 'Please enter a vaild Username and Password';
     };
};
if (array_key_exists($_SESSION["logged"],$USERS))   
    header("index.html");
    else {
    echo "<script>alert('Please enter valid Username and Password')</script>";
     echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
     echo 'Username: <input type="text" name="username" /><br />';
     echo 'Password: <input type="password" name="password" /><br />';
     echo '<input type="submit" value="Login" />';
     echo '</form>';
   }
?>
</center>
</body>
</html>

My Login Script is not working! Please someone help.  I am typing in the correct email and password!
Mysql Table
Table - Users
email varchar 100
password varchar 256

form
Code: [Select]

action/members.php
Code: [Select]
<?php
session_start();
include("../config.inc.php");
include("../classes/class.action.php");
if ($_POST['login'] && $_POST['*****'] == '*****') {
$info = array();
$info['email'] = $_POST['email'];
$info['password'] = hash("sha256", $_POST['password']);
if ($Action->Login($info)) {
$_SESSION['CPLoggedIn'] = $_POST['email'];
header("Location: ../index.php");
} else {
$Error[] = '- Please check you email and password!';
$_SESSION['CPErrors'] = $Error;
header("Location: ../index.php?action=LoginForm");
}
}
classes/class.actions.php
Code: [Select]
<?php
class Action {

var $Erros = array();

function Login($info) {
foreach ($info as $key => $val) {
if ($key = "password") {
$$val = mysql_real_escape_string($val);
$password = hash("sha256", $val);
$values[$key] = $password;
} else {
$values[$key] = mysql_real_escape_string($val);
}

}

$Sql = "SELECT * FROM Users WHERE email = '{$values['email']}' AND password = '{$values['password']}'";
$Query = mysql_query($Sql);
$Num = mysql_num_rows($Query);
if ($Num > 0) {
return true;
} else {
return false;
}
}
}
$Action = new Action;

Hi, I made a login/register system and it was working fine, but now I seem to have broken it and I'm scratching my head as to why. I think it's something to do with the $_SESSION array, the error happens from going from the login.php page to members.php, I log in successfully, but when I get to the members page it says "you must be logged in".

index.php has the form to login or a link to register.php to make an account
Code: [Select]
<?php session_start(); ?>
<html>
<head>
<title>Lincs Crusade | Login page.</title>
</head>
<body>
<form action="login.php" method="POST">
Username:
<input type="text" name="username"><br />
Password:
<input type="password" name="password"><br />
<input type="submit" value="Login">
</form>
<a href="register.php">Click here to register!</a>
</body>
</html>

The register.php page
Code: [Select]
<?php
session_start();
echo "<h2>Register</h2>";
$submit = $_POST['submit'];
$username = strip_tags($_POST['username']); 
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$email = $_POST['email'];
$date = date("Y-m-d");

if ($submit) { 
if ($username&&$password&&$repeatpassword&&$email) {
if ($password==$repeatpassword) {
if (strlen($username)>65) { 
echo "Length of username is too long!"; 
} elseif (strlen($email)>100) { 
echo "Length of email is too long!";
} elseif (strlen($password)>65||strlen($password)<8) {
echo "Password must be between 8 and 65 characters long!"; 
} else {
include('functions.php'); 
echo "All fields were accepted! ";
$password = md5($password);
$repeatpassword = ($repeatpassword);
$email = md5($email);
connect(); 
mysql_query(" 
INSERT INTO users VALUES ('','$username','$password','$email','$date') 
") or die("Could not insert values into <em>users</em> table!");
mysql_query("
INSERT INTO stats VALUES ('$username',10,10,0,1)
") or die("Could not insert values into <em>stats</em> table!");
$_SESSION['username'] == $username;
die("You have been registered! Please return to <a href=\"index.php\">homepage</a> and login."); 
}
} else {
echo "Your passwords do not match!";
}
} else {
echo "Please fill in <em>all</em> fields!";
}
 
}
?>
<html>
<head>
<title>Lincs Crusade | Register an Account.</title>
</head>
<body>
<form action="register.php" method="POST">
<p>Your username:</p>
<p>Note: Do not use your real name.</p>
<input type="text" name="username" value="<?php echo $username ?>"/>=
<p>Choose a password:</p>

<input type="password" name="password" />
<p>Please repeat password:</p>
<input type="password" name="repeatpassword" />
<p>Your student email:</p>
<p>Note: This is only used for recovering a lost or forgotten password.</p>
<input type="text" name="email" /><br />
<input type="submit" value="Register" name="submit" />
<p>
Note: Your password and email are md5 encrypted. This means neither I (the author) or anyone else will be able to view your information<br />
in plain text. For example, your password or email will look something like this "534b44a19bf18d20b71ecc4eb77c572f" once it has been encrypted.
</p>
</form>
</body>
</html>

The login.php page that process the form data to access members.php page
Code: [Select]
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password) {
include('functions.php');
connect();
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query); 
if ($numrow!=0) { 
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&md5($password)==$dbpassword) { 
echo "You're in! - <a href=\"members.php\">Proceed to the members page</a>";
$_SESSION['username'] == $username; 
} else {
echo "Incorrect password!";
}
} else {
die ("That user doesn't exist,<a href=\"register.php\">please register an account</a>");
}
} else {
die("Please enter a username and password!");
} 
?>

The members.php page
Code: [Select]
<?php 
session_start();
?>
<html>
<head>
<title>Lincs Crusade | Members page.</title>
</head>
<body>
<?php
if ($_SESSION['username']) {
echo "Welcome," .$_SESSION['username']. "!<br />";
echo "<a href=\"stats.php\">View your stats.</a>";
} else {
die ("You must be logged in.");
}
?>
</body>
</html>

and this is what is in the functions.php file
Code: [Select]
<?php
function connect() {
    mysql_connect("localhost","root","password") or die ("Unable to connect");
mysql_select_db("database") or die ("Unable to find database");
}
?>

Thanks for your help.

I'm making a login/sign up page and the following pieces are not working together properly. When I set up the login page following a guide, it had me direct input the structure and I added a user (password is encrypted). When I log in with that password/username, it passes authentication.php perfectly. When I use my signup form (signup.php is simply called by a button on an HTML), it fails saying "Incorrect Password!". I'd say it's failing because of encryption but it passes with my old login that is encrypted so I'm thoroughly lost.

Authentication.php

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'test';
$DATABASE_NAME = 'login';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
	// If there is an error with the connection, stop the script and display the error.
	die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
	// Could not get the data that should have been sent.
	die ('Please fill both the username and password field!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
	// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
	$stmt->bind_param('s', $_POST['username']);
	$stmt->execute();
	// Store the result so we can check if the account exists in the database.
	$stmt->store_result();
if ($stmt->num_rows > 0) {
	$stmt->bind_result($id, $password);
	$stmt->fetch();
	// Account exists, now we verify the password.
	// Note: remember to use password_hash in your registration file to store the hashed passwords.
	if (password_verify ($_POST['password'], $password)) {
		// Verification success! User has loggedin!
		// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
		session_regenerate_id();
		$_SESSION['loggedin'] = TRUE;
		$_SESSION['name'] = $_POST['username'];
		$_SESSION['id'] = $id;
		header('Location: dashboard.php');
	} else {
		echo 'Incorrect password!';
	}
} else {
	echo 'Incorrect username!';
}
	$stmt->close();
}
?>

 

Signup.php

<?php
 
// get database connection
include_once '../config/database.php';
 
// instantiate user object
include_once '../objects/user.php';
 
$database = new Database();
$db = $database->getConnection();
 
$user = new User($db);
 
// set user property values
$user->username = $_POST['uname'];
$user->password = base64_encode($_POST['password']);
$user->created = date('Y-m-d H:i:s');
 
// create the user
if($user->signup()){
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Signup!",
        "id" => $user->id,
        "username" => $user->username
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Username already exists!"
    );
}
print_r(json_encode($user_arr));
?>

 

login.php

<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/user.php';
 
// get database connection
$database = new Database();
$db = $database->getConnection();
 
// prepare user object
$user = new User($db);
// set ID property of user to be edited
$user->username = isset($_GET['username']) ? $_GET['username'] : die();
$user->password = base64_encode(isset($_GET['password']) ? $_GET['password'] : die());
// read the details of user to be edited
$stmt = $user->login();
if($stmt->rowCount() > 0){
    // get retrieved row
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // create array
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Login!",
        "id" => $row['id'],
        "username" => $row['username']
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Invalid Username or Password!",
    );
}
// make it json format
// print_r(json_encode($user_arr));
if (in_array("Successfully Login!", $user_arr)) { 

	header('Location: ../../dashboard.html');
}
?>

 

I am trying to create a remote login to one website using mine. The users will need to enter their username and password on my site, and if they are registered to my website, their login credentials will be sent to another website and a page will be retrieved. I am stuck at sending the users' data to the original site. The original site's viewsource is this..

<form method=post>
<input type="hidden" name="action" value="logon">
<table border=0>
<tr>
<td>Username:</td>
<td><input name="username" type="text" size=30></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" size=30></td>
</tr>
<td></td>
<td align="left"><input type=submit value="Sign In"></td>
</tr>
<tr>
<td align="center" colspan=2><font size=-1>Don't have an Account ?</font> <a href="?action=newuser"><font size=-1 color="#0000EE">Sign UP Now !</font></a></td>
</tr>
</table>

I have tried this code, but not works.

<?php
$username="username"; 
$password="password"; 
$url="http://www.example.com/index.php"; 

$postdata = "username=".$username."&password=".$password;

$ch = curl_init(); 
curl_setopt ($ch, CURLOPT_URL, $url); 
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); 
curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt ($ch, CURLOPT_REFERER, $url); 
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
curl_setopt ($ch, CURLOPT_POST, 1); 
$result = curl_exec ($ch); 
header('Location: track.html'); 
//echo $result;  
curl_close($ch);
?>

Any help would be appreciated, Thanks in advance.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=348317.0

I have a form on my website which actions login.php. The login.php code is below:

<?php
include('includes/classes.php.inc');
session_start();
$link = new BaseClass();
$data = $link->query("SELECT * FROM logins");
$pass_accepted = false;
if($_REQUEST['username'] && $_REQUEST['password']){
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
while($row = mysql_fetch_array($data)){
if(($row['username']==$useranme)&&($row['password']==$password){
echo 'Password correct!';
$_SESSION['loggedin']=true;
$pass_accepted = true;
} 
}
} else {
echo 'You did not enter a username or password!';
}
if(!$pass_accepted){ echo 'Your password is incorrect'; }
echo '<br>Please <a href="index.php">click here</a> to return to page'; 
?>

I have checked that my references are all correct however even when I enter the correct password it returns saying the password is incorrect. Any idea on why this could be? I am happy to answer any follow up questions.

Regards

Hello, for some reason I am unable to get the following code to work:

Code: [Select]
<?php
echo "<h1>Login</h1>";

if ($_SESSION['uid']) {
    echo "&nbsp; &nbsp; You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if (!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = addslashes(strip_tags(($_POST['username'])));
$pass = addslashes(strip_tags($_POST['password']));
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){

$query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'");
$row2 = mysql_fetch_assoc($query);
$locked = $row2['locked'];

$query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$active = $row3['active'];

$query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$email = $row3['email'];


if ($active ==1){

if ($locked == 0){

$date = date("j")."^{".date("S")."} ".date("F, Y");

mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'");

$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$previous = $_COOKIE['prev_url'];
echo "&nbsp; &nbsp; You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n";
}else
{
echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>.";
}
} else {
echo "You need to activate your account! Please check your email ($email)";
}
   }else {
                        echo "&nbsp; &nbsp; Username and password combination are incorrect!\n";
                    }
                }else {
                    echo "&nbsp; &nbsp; The username you supplied does not exist!\n";
                }
            }else {
                echo "&nbsp; &nbsp; You must supply both the username and password field!\n";
            }
}

}
?>
It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add.

Thanks,
Cameron

I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection):

$id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'";

$realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena];

$func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];

//Login if(!empty($username)) { // Check the email with database
$userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1"); $userexists->bindParam(':username', $username); $userexists->execute(); // Get the result $userexistsres = $userexists->fetchColumn(); // Check if result is greater than 0 - user exist if( $userexistsres == 1) { if ($bloqueado == NO) { if ($password != $realpass) { die("contrasena incorrecta"); } Else{ $_SESSION['loguin']="OK"; $_SESSION['username']="$username"; header("Location: ./index.php"); } } Else{ die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. } Else{ die("No hay ninguna cuenta con este nombre de usuario"); } } else { echo 'El campo usuario esta vacio'; } ?>

Hello there,

The problem is that my login system isn't consistent. There's an option of staying logged in, and if you check that a cookie gets created with a hash. When you visit the site again, you should be logged in automatically. But the thing is, that when you load the page, you aren't! But after a refresh you are logged in. So I'm guessing a problem in the order of things that get done... Here's the script:

Code: [Select]
<?php
session_start();
if(isset($_COOKIE['LoginCookie']))
{
$hash = $_COOKIE['LoginCookie'];
mysql_select_db('database');
$sql = "SELECT all the info of the people FROM people WHERE cookie_hash = '".$hash."'";
if($result = mysql_query($sql))
{
$row = mysql_fetch_array($result);
if(empty($row))
{
setcookie('LoginCookie','',time()-3600);
}
if(mysql_num_rows($result) == 1)
{
$_SESSION['loggedin'] = true;
$_SESSION['loggedinnick'] = $row['nick'];
$_SESSION['loggedinvoornaam'] = $row['voornaam'];
$_SESSION['loggedinachternaam'] =  $row['achternaam'];
$_SESSION['loggedinid'] = $row['id'];
$_SESSION['loggedintype'] = $row['type'];
}
}
}


if(isset($_POST['login']))
{
if(empty($_POST['username']) || empty($_POST['wachtwoord']))
{
$_SESSION['melding'] = 'ERROR';
header('Location: index.php');
exit();
}
$username = CleanMyDirtyData($_POST['username']);
$wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord']));
mysql_select_db('database');
$sqlmail = mysql_query("SELECT * FROM people WHERE email='$username' AND wachtwoord = '$wachtwoord'");
$sqlnaam = mysql_query("SELECT * FROM people WHERE nick='$username' AND wachtwoord = '$wachtwoord'");
if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1)
{
if(mysql_num_rows($sqlmail) == 1)
{
$row = mysql_fetch_array($sqlmail);
}
else
{
$row = mysql_fetch_array($sqlnaam);
}
if(isset($_POST['remember']))
{
$hash = sha1($username . 'Some secret thingys for your safety');
setcookie('LoginCookie',$hash,time()+30000000);
mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error());
}
$_SESSION['loggedin'] = true;
$_SESSION['loggedinnick'] = $row['nick'];
$_SESSION['loggedinvoornaam'] = $row['voornaam'];
$_SESSION['loggedinachternaam'] = $row['achternaam'];
$_SESSION['loggedinid'] = $row['id'];
$_SESSION['loggedintype'] = $row['type'];
$_SESSION['melding'] = 'You are logged in now.';
}
else
{
$_SESSION['melding'] = 'ERROR';
header('Location: index.php');
exit();
}
}

So if the checkbox that you want to stay logged in, there is no cookie made but the $_SESSION['loggedin'] is set to true. Throughout the rest of the page, this parameter is used to show either content for guests of private content for people that are logged in.

BUT the problem is that if it is checked on the first page load the $_SESSION['loggedin'] doesn't seem to get set even though the cookie is set.


Another slight problem with my script is that when a user logs in on another pc, the hash get's changed in the database and the user gets logged out of the site on the previous page. What is the easiest way to do that?
And do you guys think this script is safe? Or do you see some holes?

Thanks in advance!
arbitter

i want help as i cant find that the reason that why registered members cant login, when user pass entered it does not process any thing any help will be appreciated

Code: [Select]
<?php
  session_start();
  session_register("id_session");
  session_register("password_session");
include "header.php";
include "config.php";
$a="";
$b="";
if ($_POST) {
$a=trim($_POST["id"]);
$b=trim($_POST["password"]);
$a=str_replace("'","",$a);
$b=str_replace("'","",$b);
$a=str_replace("\"","",$a);
$b=str_replace("\"","",$b);
}
if ($a=="" || $b=="")
{

  if ($_SESSION["id_session"]=="" || $_SESSION["password_session"]=="")
  {

?>
<form action=members.php method=post>

<br><br><Center><table><tr><td colspan=2 align=center><h3>Members Login Area</h3></td></tr>
<tr><td>Member's ID</td><td><input type=text name=id></td></tr>
<tr><td>Password</td><td><input type=password name=password></td></tr>
<tr><td>&nbsp;</td><td>
<a href="forgot.php" onclick="doexit=false;"><font face="Verdana,Arial,Helvetica" size="1" color="#000000"><b>Forgot Your Password?</b></font></a></td></tr>
<tr><td colspan=2 align=center><input type=submit value="Log In"></td></tr>
</table></form>


<?
  }
  else
  {
  middle();
  }
}
else
{
$check=0;

$id=$_POST["id"];
$rs = mysql_query("select * from members where ID='$id'");

if ($rs) {
$arr=mysql_fetch_array($rs);
$n2=$arr['Password'];
if ($n2==$b) {
$check=1;
$_SESSION["id_session"]=$arr[0];
$_SESSION["password_session"]=$arr[9];
middle();
}
}
if ($check==0)
{
  print "<h2>Invalid User Id or Password</h2>";
?>
<form action=members.php method=post>

<br><br><Center><table><tr><td colspan=2 align=center><h3>Members Login Area</h3></td></tr>
<tr><td>Member's ID</td><td><input type=text name=id></td></tr>
<tr><td>Password</td><td><input type=password name=password></td></tr>
<tr><td>&nbsp;</td><td>
<a href="forgot.php" onclick="doexit=false;"><font face="Verdana,Arial,Helvetica" size="1" color="#000000"><b>Forgot Your Password?</b></font></a></td></tr>
<tr><td colspan=2 align=center><input type=submit value="Log In"></td></tr>
</table></form>
<?
}
}

function middle()
{
$id=$_SESSION["id_session"];
$rs = mysql_query("select * from members where ID=$id");
$arr=mysql_fetch_array($rs);
$check=1;
$id=$arr[0];
$password=$arr[9];
        $name=$arr[1];
        $address=$arr[2];
$city=$arr[3];
$state=$arr[4];
$zip=$arr[5];
$country=$arr[6];
$phone=$arr[7];
$email=$arr[8];
$password=$b;
$paymentoption=$arr[10];
$refby=$arr[11];
$l1=$arr[12];
$l2=$arr[13];
$l3=$arr[14];
$l4=$arr[15];
$l5=$arr[16];
$l6=$arr[17];
$l7=$arr[18];
$l8=$arr[19];
$l9=$arr[20];
$l10=$arr[21];
$leader=$arr[22];
$total=$arr[23];
$unpaid=$arr[24];
$paid=$arr[25];

?>
 <table border="0" width="650">
   <tr>
   <td width="150" valign="top">
     <table width="140">
     <tr>
       <td align="left"><br><br><br><br>
        <ul><font face="verdana" size="1">
<a href="stats.php">Statistics</a><br><br>
<a href="update_pf.php">Edit Personal Information</a><br><br>
<a href="sample_e.php">Referral Code & Links</a><br><br>
              <a href="logout.php">Logout</a><br><br>
</td></tr></table>
     </td>
     <td VALIGN="top">
     <table>
<tr>
<td>
<font face="verdana" size="3"><b>
<p>Account Center</b></font></p>
<br>
</td>
</tr>
<tr>
<td>

<div align="center">
<table border="0" cellpadding="3" cellspacing="0" width="400">
     
      <tr>
        <td colspan="2"><b>
         <hr><font face="Verdana, Arial, Helvetica, sans-serif" size="-1"><center>&nbsp;Account Details for <?echo $name;?></font></center></b><hr>
        </td>
      </tr>
      <tr>
        <td valign="center" align="left"><strong><font face="Verdana" size="-1">Total Commisions Earned: </font></strong><br></td>
        <td valign="center"> <font face="Verdana" size="-1">$<? echo $total;?></font><br></td>
      </tr>
      <tr>
        <td valign="center" align="left"><strong><font face="Verdana" size="-1">Commisions Due: </font></strong><br></td>
        <td valign="center"> <font face="Verdana" size="-1">$<? echo $unpaid;?></font><br></td>
      </tr>
      <tr>
        <td valign="center" align="left"><strong><font face="Verdana" size="-1">Commisions Paid: </font></strong><br></td>
        <td valign="center"> <font face="Verdana" size="-1">$<? echo $paid;?></font><br></td>
      </tr>
      <tr>
        <td valign="center" align="left" colspan=2>&nbsp;</td>
      </tr>
      <tr>
        <td valign="center" align="left"><strong><font face="Verdana" size="-1">Direct Referrals: </font></strong><br></td>
        <td valign="center"> <font face="Verdana" size="-1"><?
$rsd=mysql_query("select * from members where Leader=".$id);
 echo mysql_num_rows($rsd); ?></font><br></td>
      </tr>
      <tr>
        <td valign="center" align="left" colspan=2>&nbsp;</td>
      </tr>
      <tr>
        <td valign="center" align="left" colspan=2><strong><font face="Verdana" size="3">Downline Information </font></strong><br></td>
      </tr>

      <tr>
        <td valign="center" align="left"><strong><font face="Verdana" size="-1">Total Downline Size: </font></strong><br></td>
        <td valign="center"> <font face="Verdana" size="-1"><?     echo ($l1+$l2+$l3+$l4+$l5+$l6+$l7+$l8+$l9+$l10); ?></font><br></td>
      </tr>
<tr><td colspan=2>

<Table width=100%>
<tr><td bgcolor=#000000><strong><font face="Verdana" size="-1" color=#ffffff>Level</font></strong></td>
<td bgcolor=#000000><strong><font face="Verdana" size="-1" color=#ffffff>Number of Members</font></strong></td> </tr>
<? include "config.php"; ?>
<? for($i=1;$i<=$levels;$i++) { ?>
<tr><td><strong><font face="Verdana" size="-1"><? echo $i; ?></font></strong></td>
<td ><font face="Verdana" size="-1">
<?
if($i==1) {
echo $l1;
}
elseif($i==2) {
echo $l2;
}
elseif($i==3) {
echo $l3;
}
elseif($i==4) {
echo $l4;
}
elseif($i==5) {
echo $l5;
}
elseif($i==6) {
echo $l6;
}
elseif($i==7) {
echo $l7;
}
elseif($i==8) {
echo $l8;
}
elseif($i==9) {
echo $l9;
}
elseif($i==10) {
echo $l10;
}
?>
</font></td> </tr>
<? } ?>
</table>
</td></tr>
      <tr><td colspan=4><hr></td><tr>
     </table>
</div>

</td>
</tr>

</table>
<font face="verdana" size="3"><b>
<p>Download Center</b></font></p>

<?
include "download.php";
?>
  </td>
  </tr>
</table>
<br><br>
<?
}
include "footer.php";
?>

edit: added [code][/code] blocks

login system. why wont it work? Did same thing @ school it worked. this is my action page:


<?php
ob_start();
$host="host"; // Host name
$username="user"; // Mysql username
$password="pass"; // Mysql password
$db_name="db"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "users/index.php"
session_register("myusername");
session_register("mypassword");
header("location:users/index.php");
}
else {
echo "Error. Username or password incorrect. Have you <a href='#' onclick='alert()'>registered?</a>";
}

ob_end_flush();
?>



It comes up with this error:

Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 34
 

If you have not registered, please click here
 

 


Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

Hello All,

I have this problem, no matter if I typed the wrong or right email and password, I always get Login failed message
here is my code

index.php

Code: [Select]
<td class="white-text">Email:
                      <form name="form1" method="post" action="/admin/Login.php">
                        <label for="user"></label>
                        <input type="text" name="email" />
                      </td>
                  </tr>
                  <tr>
                    <td><p><strong class="white-text">Password:</strong></p>  <label for="sdf"></label>
                        <input type="password" name="password" />
                     
                      <p class="sdf"><strong></strong><a href="#" class="white-link-underline"><strong></strong></a>
                        <input type="submit" name="submit" id="submit" value="Submit" />
                      </p>
                      </form>
                      </td>

Login.php

Code: [Select]
<?php

session_start();

$con = mysql_connect("localhost","123","123");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("123", $con);

if (isset($_POST['email']))
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

//Query

$results = mysql_query("SELECT * FROM users WHERE 'email' = '$email' AND password = '$password' ");

if(!$result) {
$_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>';
} else {
         
$row = mysql_fetch_assoc($results);
$_SESSION['userid'] = $row['id'];
$_SESSION['email'] = $email;
$_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email;

}
mysql_close($con);

}

header('Location: ./index.php')
?>

Hi, below is the error and php that i used for my login page.   Error:     Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 12

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 12

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 13

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 13     Php:

<?php
//session_start(); 
$today = date(Ymd);

$_SESSION[username] = $_POST['username'];
$_SESSION[password] = $_POST['password'];
$_SESSION[id] = $_POST['id'];

$username = stripslashes($_SESSION[username]);
$password = stripslashes($_SESSION[password]);
$username = mysql_real_escape_string($_SESSION[username]);
$password = mysql_real_escape_string($_SESSION[password]);
$id = mysql_real_escape_string($_SESSION[id]);



include('connection.php');
$sql_login = "SELECT id FROM admin WHERE username = '$username' and password = '$password'";
$result_login = mysql_query($sql_login);
$count_login = mysql_num_rows($result_login);
//$row = mysql_fetch_assoc($sql_login);

if($count_login == 1)
{
	
	//session_register("user_email");
	//session_register("user_password");
	//echo "PASS";
	header("location:../admin/main_admin.php");
}
else
{
	header("location:admin_login2.php");
	
}
exit;
?>