2

I have a form file with the name form1.php

<?PHP
//form.php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
        <title>form</title>
</head>

<body>
        <?PHP if (isset ($_SESSION["notfound"])) { ?> 
                <h2 style="text-align:center">Wrong user name or password</h2>
        <?PHP unset($_SESSION["notfound"]);}
         if (isset ($_SESSION["empty"])) {?>
                <h2 style="text-align:center">Empty</h2>
        <?PHP unset($_SESSION["empty"]); }?>

    <form name="signin" action="http://localhost/M1.php" method="post">
    <table>
        <tr>
            <td>
            <label>
            Username<input type="text" name="name" size="32"/>
            </label>
            </td>
            <td>
            <label>
            Password <input type="password" name="pass" size="32"/>
            </label>
            </td>
            <td>
            <input type="submit" value="Login" />
            </td>
        </tr>
    </table>
    </form>
</body>
</html>

and control file M1.php

<?php
$name=$_POST["name"];
$pass=$_POST["pass"];
if((!empty($name)) && (!empty($pass)))
{
    session_start();
    if($conection=mysql_connect("localhost","","")===false)
        die("not connect to data base");

    if(mysql_select_db('login',$conection) ===false)
        die("data base not found");


    $sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));

    $dbpass=mysql_query($sql);

    if ($dbpass==$pass) 
    {
        $_SESSION["authenticated"]=true;
        header("Location: http://localhost/home.php");
        exit;
    }
     else   //if ($dbpass===false)
    {
        $_SESSION["notfound"]=true;
        header("Location: http://localhost/form1.php");
        exit;
    }
}
else
{
    $_SESSION["empty"]=true;
    header("Location: http://localhost/form1.php");
    exit;
}
?>

*I am using XAMPP for running them. I have a database login which contains a table signin. When I fill the form with the same user name and password which I saved in the signin table and click submit, it returns me to form1.php with session 'notfound', and when I submit an empty form it returns me without setting the empty session.*

4
  • 1
    session_start(); should be at the very top of file Commented Mar 7, 2014 at 11:59
  • Your db access code is wrong. The result of a $dbpass=mysql_query($sql); is a resource handle and not the password from the query. You now need to fetch the results that your query generated. Have a look at the manual uk1.php.net/mysql_fetch_row Commented Mar 7, 2014 at 12:01
  • Thanks, due to this the empty file is also responding empty, but the database is still not accessing Commented Mar 7, 2014 at 12:04
  • $dbpass=mysql_query($sql); is wrong yar.. Use mysql_fetch_row() or mysql_fetch_array() Commented Mar 7, 2014 at 12:05

3 Answers

1

You are not fetching data from the database, and you make a condition based on the executed query = $pass, which will always be false, so change to

$dbpass=mysql_query($sql);
$result = mysql_fetch_array($dbpass);
$passw = $result['password'];

if ($passw==$pass)
{
  //logged
}

As a side note I would say a couple of things. First, I notice you sanitized your input, which is a good practice, but you really should switch to prepared statements with either PDO or mysqli so you will avoid any risk of MySQL injection, also because mysql_* functions are deprecated. Second, saving a password in plain text in the database is a very bad practice; you should really encrypt it and save a hash of the password in the database. There is a nice post about that here. Furthermore, I think that session_start(); should be placed at the top of your file to work correctly.


Comments
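The prepared-statement and password-hash advice from the answer above, shown as an added example that is not part of the original answer or the asker's code. It assumes the signin table from the question with a hypothetical password_hash column (output of password_hash()) in place of the plain-text password column, and uses an in-memory SQLite database with constructed data so it runs without a server.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: signin has a password_hash column holding password_hash()
// output instead of the plain-text password column used in the question.

function check_login(PDO $pdo, string $name, string $pass): bool
{
    // The placeholder keeps $name out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare('SELECT password_hash FROM signin WHERE username = ?');
    $stmt->execute([$name]);

    // fetchColumn() returns the stored hash, or false when no row matched.
    // This is the fetch step that the question's code skipped.
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false;
    }

    // Compare the submitted password against the stored hash, never with ==.
    return password_verify($pass, $hash);
}

// Constructed demo data. Under XAMPP, replace the DSN with something like
// 'mysql:host=localhost;dbname=login;charset=utf8mb4' plus your own credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE signin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO signin (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($pdo, 'alice', 'correct horse'));   // matching password
var_dump(check_login($pdo, 'alice', 'wrong'));           // wrong password
var_dump(check_login($pdo, "x' OR '1'='1", 'anything')); // bound as a literal name
var_dump(check_login($pdo, 'nobody', ''));               // unknown user
```

In M1.php the boolean result would decide between setting $_SESSION["authenticated"] and $_SESSION["notfound"], with session_start() called before either branch.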

0

First, it's a good time to make use of PDO or mysqli rather than using mysql, which is deprecated in the latest PHP version.

While passing db connection values, I feel you missed out the username & password, which should help you connect to the database.

Later, mysql_query("SELECT_QUERY"); returns a result object, whose values should be read by mysql_fetch_assoc(), which returns the db row in associative array form.

Finally your code should look like,

$sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));

$result = mysql_query($sql);
$dbpass = mysql_fetch_assoc($result);
$dbpass = $dbpass['password'];
if ($dbpass==$pass) 
{
    $_SESSION["authenticated"]=true;
    header("Location: http://localhost/home.php");
    exit;
}
 else   //if ($dbpass===false)
{
    $_SESSION["notfound"]=true;
    header("Location: http://localhost/form1.php");
    exit;
}

2 Comments

I changed my code but it is still not working and shows wrong username and password
Hope the code worked for you, but also start reading on mysqli or PDO in1.php.net/manual/en/mysqli.quickstart.statements.php

0

What's the error you're getting?

Anyway, how do you connect through your database? I see you have put the username and password as an empty string. You should try to put in a user/pass of an existing user:

mysql_connect syntax:

mysql_connect(host,username,password,newlink,clientflag)

example:

mysql_connect("localhost","root","") 

or

mysql_connect("localhost","root","password")

3 Comments

Of course he's left them blank, or did you expect him to post his database login credentials on SO?
Lol of course not. But he didn't refer anything regarding the user and pass, so this could be a problem.
I am using XAMPP for phpMyAdmin & the default username and password is empty. I tried it also on wampp, where I filled in the default username and default password, and also made the suggested changes, but it still does not work
