1

I'm creating a Log-in Form for my employees. I think there's a port problem with my local host port for mySQL on xampp but I don't know. Aren't Apache and mySQL supposed to be run from the same port? but anyway...

On xampp, my apache port is 8080 so "localhost:8080". My mySQL port is 3306 so I used "localhost:3306" for my "$host" variable in my php. Now, "login.php" is the "form action" I used in my html which is also the name of the document, so my php and my html are all on the same page - no separate documents; just to clear that up.

The problem: When I click the equivalent of "submit", none of my "echoed" or "error" code goes through. Basically, the page stays the same. Nothing happens. If I screw up the password on purpose, none of my errors come through. I stay on the same page, unable to see if ANYTHING worked. There's nothing to show me if what I did worked or not.

My phpMyAdmin database name is "accounts" and the table is named "users".

My php is located here

My html is located here

Again:

PHP

<?php
    session_start();
    $host = "localhost:3306";
    $user = "root";
    $pass = "password";
    $db = "accounts";

    mysql_connect($host, $user, $pass);
    mysql_select_db($db);

    if (isset($_POST['user'])) {
        $username = $_POST['user'];
        $password = $_POST['pass'];
        $sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1";
        $res = mysql_query($sql);
        if (mysql_num_rows($res) == 1) {
            echo "You have successfully logged in.";
            exit();
        } else {
            echo "Invalid login information. Please return to the previous page.";
            exit();
        }
    }
?>

HTML

<form action="login.php" method="post">
<p>User</p><input type="text" name="user" size="30" />
<p>Pass</p><input type="password" name="pass" size="30" />
</br><p><submit><input type="submit" name="submit" value="Log In" /></submit></p>
</form>

Please help. I have to get this up and running for an event I have in a week and a half and I still have a LOT of work to do because this has taken me too long.

Thank You, Dan

Improve this question
10
  • What is ession_start()? Commented Jan 19, 2015 at 3:35
  • @SverriM.Olsen The last brace is for if (isset($_POST['user'])) and OP might have made a typo and meant to do session_start(); - Many a time, it's a bad copy/paste. Edit: You've edited your comment in regards to my first part. Commented Jan 19, 2015 at 3:38
  • Yes, sorry, bad copy/paste. Commented Jan 19, 2015 at 3:39
  • Add error reporting to the top of your file(s) right after your opening <?php tag error_reporting(E_ALL); ini_set('display_errors', 1); see if it yields anything. Also add or die(mysql_error()) to mysql_query(). Also, what version of PHP are you using? Commented Jan 19, 2015 at 3:40
  • You're using the wrong variables in $sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1"; look at these $username = $_POST['user']; $password = $_POST['pass']; error reporting would have thrown an Undefined variable notice. Commented Jan 19, 2015 at 3:44

1 Answer 1

Reset to default
2

You're using the wrong variables in 

$sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1";

Look at these, those are the variables you should be using.

$username = $_POST['user'];
$password = $_POST['pass'];`

Error reporting would have thrown an Undefined variable notice.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Plus this:

<submit><input type="submit" name="submit" value="Log In" /></submit>

<submit></submit> are invalid tags; remove them.

I would also like to note that your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.

Edit:

As per your comment about deprecation, it's time for you to move to mysqli_ or PDO.

Here is a mysqli_ basic version and variables fix:

<?php
session_start();
$host = "localhost:3306";
$user = "root";
$pass = "password";
$db = "accounts";

$connect = mysqli_connect($host, $user, $pass, $db);

if (isset($_POST['user'])) {
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $sql = "SELECT * FROM users WHERE User='".$username."' AND Pass='".$password."' LIMIT 1";
    $res = mysqli_query($connect, $sql) or die (mysqli_error($connect));
    if (mysqli_num_rows($res) == 1) {
    echo "You have successfully logged in.";
    exit();
} else {
    echo "Invalid login information. Please return to the previous page.";
    exit();
}
}
?>

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.

For PHP < 5.5 use the password_hash() compatibility pack.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you very much! It works perfectly! I will learn mySQLi. Thanks again. You saved me a bunch of time!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.