PHP Login Script is not Working
Posted: Sat Sep 25, 2010 4:36 am
Am learning PHP, I have been trying for this login form for past four days, but i cant find the result and also cant find the bug in my query can any body here help me to find the error in my query. I will much thankful for them
This is the MYSQL Query i used
mysql> select * from users where password=password('god');
+--------+-------+-------------------------------------------+
| userID | name | password |
+--------+-------+-------------------------------------------+
| 1 | selva | *895DC6A9BBBCFCDB8B7FDB51FA0383A59F38C60E |
+--------+-------+-------------------------------------------+
1 row in set (0.00 sec)
mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userID | int(11) | | PRI | NULL | auto_increment |
| name | varchar(20) | | | | |
| password | varchar(50) | | | | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
This is the PHP code i used to develop Login Form
<? session_start() ?>
<html>
<head>
<title>Log In Form</title>
</head>
<body>
<?
if($user && $pass) {
if($logged_in_user == $user) {
echo "Your Already Logged In";
echo $user. ", your already logged in";
exit;
}
$db = mysql_connect("localhost")or die("Cannot Connect");
mysql_select_db("userlist", $db)or die("Cannot Select Database");
$user = $_POST['user'];
$pass = $_POST['pass'];
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$query = "select * form users where name='$user'AND password=PASSWORD('$pass')";
//$query = "select * form users where name like '%$user%' ";
$result = mysql_query($query);
if(!$result) {
echo "error" .mysql_error();
exit;
}
if(mysql_num_rows($result) == 1) {
$logged_in_user = $user;
session_register("logged_in_user");
//echo $user.;
echo "Welcome" .$logged_in_user;
exit;
}
else {
echo "Invalid User Please try again";
}
}
else if($name || $pass)
{
echo "Please Enter Both The Field" ;
}
?>
<form action="Login.php" method="POST">
<H2>Enter Login Details</H2>
User Name:
<input type=text name="user"><BR><BR>
Password :
<input type=password name="pass"><BR><BR>
<input type=submit value="Login"><BR>
</form>
</body>
</html>
This is the MYSQL Query i used
mysql> select * from users where password=password('god');
+--------+-------+-------------------------------------------+
| userID | name | password |
+--------+-------+-------------------------------------------+
| 1 | selva | *895DC6A9BBBCFCDB8B7FDB51FA0383A59F38C60E |
+--------+-------+-------------------------------------------+
1 row in set (0.00 sec)
mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userID | int(11) | | PRI | NULL | auto_increment |
| name | varchar(20) | | | | |
| password | varchar(50) | | | | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
This is the PHP code i used to develop Login Form
<? session_start() ?>
<html>
<head>
<title>Log In Form</title>
</head>
<body>
<?
if($user && $pass) {
if($logged_in_user == $user) {
echo "Your Already Logged In";
echo $user. ", your already logged in";
exit;
}
$db = mysql_connect("localhost")or die("Cannot Connect");
mysql_select_db("userlist", $db)or die("Cannot Select Database");
$user = $_POST['user'];
$pass = $_POST['pass'];
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$query = "select * form users where name='$user'AND password=PASSWORD('$pass')";
//$query = "select * form users where name like '%$user%' ";
$result = mysql_query($query);
if(!$result) {
echo "error" .mysql_error();
exit;
}
if(mysql_num_rows($result) == 1) {
$logged_in_user = $user;
session_register("logged_in_user");
//echo $user.;
echo "Welcome" .$logged_in_user;
exit;
}
else {
echo "Invalid User Please try again";
}
}
else if($name || $pass)
{
echo "Please Enter Both The Field" ;
}
?>
<form action="Login.php" method="POST">
<H2>Enter Login Details</H2>
User Name:
<input type=text name="user"><BR><BR>
Password :
<input type=password name="pass"><BR><BR>
<input type=submit value="Login"><BR>
</form>
</body>
</html>