Page 1 of 1

nothing happens to my login form

Posted: Mon Jan 17, 2011 12:32 pm
by shehan31
Hi all;
my login form does not show any thing and it resets when i clik the button. Can anyone help.
Regards
Shehan31

Code: Select all

<?php

$connect = mysql_connect ("localhost","root","") or die ("error");
mysql_select_db ("guestbook") or die ("Error Connecting With The Database");

 if (isset($_POST['Login'])){ 
     
    $username = $_POST['username'];
    $password = $_POST[md5('password')];
	 
		$queryget = mysql_query("SELECT * FROM login WHERE user='$username' AND password='$password'")or die (" error with table");	
		$nr = mysql_num_rows($query_get);
	      if($nr==0){
		  	$info=mysql_fetch_array($queryget);
			echo "you are authorized";
			
		  }	
		  else echo"wrong";	  
		  
		    

}
echo"
 
 <form action = 'login.php' method='post>
 <div id='second_table' style='float: left; width: 800px; position:absolute; top:250px; right:300px'>
   <tr>
        <td>
		
         <font SIZE = 5 FACE = times new roman >Username</font>
        </td>
        <td>
        <input type='text' name='username' maxlength='200'>
        </td>
   </tr>
    <tr>
        <td></br></br>
		
         <font SIZE = 5 FACE = times new roman >Password</font>
        </td>
        <td>
        <input type='password' name='password' maxlength='200'>
        </td>
   </tr>
   <tr>
       <td align='center' valign='top' colspan='2'>
        <input type='submit' name='Login'  value='Login'>
       </td>
	   </tr>
   </form>";
?>

Re: nothing happens to my login form

Posted: Tue Jan 18, 2011 1:42 am
by Peter Kelly
for starters I've noticed your missing a ' off here

Code: Select all

<form action = 'login.php' method='post>
$password = $_POST[md5('password')]; should be $password = md5($_POST['password']);

I would recommend escaping mysql queries using the function

Code: Select all

$queryget = mysql_query("SELECT * FROM login WHERE user='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "'")or die (" error with table"); 
I also think you got the
if($nr==0){ the wrong way round because the previous line you are checking if a row exists but it should be

Code: Select all

if($nr==0){
echo "Incorrect Login Details";
}else{
$info=mysql_fetch_array($queryget);
echo "You are authorized.";
}
I think you got it the wrong way round.
If you make those changes and test it lets see what happens.

Re: nothing happens to my login form

Posted: Tue Jan 18, 2011 4:45 am
by shehan31
hi peter ;
Thank you for both replies. the missing part is thre already.

Code: Select all

<form action = 'login.php' method='post>
I have changed the code as you have suggest.
Still it does not gives me what i wanted. it only refresh the form.

Code: Select all

<?php

$connect = mysql_connect ("localhost","root","") or die ("error");
mysql_select_db ("guestbook") or die ("Error Connecting With The Database");

 if (isset($_POST['Login'])){ 
     
    $username = $_POST['username'];
    $password = md5($_POST['password']);
	 
		$queryget = mysql_query("SELECT * FROM login WHERE user=mysql_real_escape_string($username) AND password=mysql_real_escape_string($password)")or die (" error with table");	
		$nr = mysql_num_rows($query_get);
	      if($nr==0){
		  	
			echo "you are not authorized";
			
		  }else{
		    $info=mysql_fetch_array($queryget);
				 echo"you are authorized";	  }
		  
		    

}
echo"
 
 <form action = 'login.php' method='post>
 <div id='second_table' style='float: left; width: 800px; position:absolute; top:250px; right:300px'>
   <tr>
        <td>
		
         <font SIZE = 5 FACE = times new roman >Username</font>
        </td>
        <td>
        <input type='text' name='username' maxlength='200'>
        </td>
   </tr>
    <tr>
        <td></br></br>
		
         <font SIZE = 5 FACE = times new roman >Password</font>
        </td>
        <td>
        <input type='password' name='password' maxlength='200'>
        </td>
   </tr>
   <tr>
       <td align='center' valign='top' colspan='2'>
        <input type='submit' name='Login'  value='Login'>
       </td>
	   </tr>
   </form>";
?>
Regards
Shehan31



Peter Kelly wrote:for starters I've noticed your missing a ' off here

Code: Select all

<form action = 'login.php' method='post>
$password = $_POST[md5('password')]; should be $password = md5($_POST['password']);

I would recommend escaping mysql queries using the function

Code: Select all

$queryget = mysql_query("SELECT * FROM login WHERE user='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "'")or die (" error with table"); 
I also think you got the
if($nr==0){ the wrong way round because the previous line you are checking if a row exists but it should be

Code: Select all

if($nr==0){
echo "Incorrect Login Details";
}else{
$info=mysql_fetch_array($queryget);
echo "You are authorized.";
}
I think you got it the wrong way round.
If you make those changes and test it lets see what happens.

Re: nothing happens to my login form

Posted: Tue Jan 18, 2011 5:28 am
by Peter Kelly

Code: Select all

<?php

$connect = mysql_connect ("localhost","root","") or die ("error");
mysql_select_db ("guestbook") or die ("Error Connecting With The Database");

 if (isset($_POST['Login'])){ 
     
    $username = $_POST['username'];
    $password = md5($_POST['password']);
         
                $queryget = mysql_query("SELECT * FROM login WHERE user=mysql_real_escape_string($username) AND password=mysql_real_escape_string($password)")or die (" error with table");     
                $nr = mysql_num_rows($query_get);
              if($nr==0){
                        
                        echo "you are not authorized";
                        
                  }else{
                    $info=mysql_fetch_array($queryget);
                                 echo"you are authorized";        }
                  
                    

}
echo"
 
 <div id='second_table' style='float: left; width: 800px; position:absolute; top:250px; right:300px'>
 <form action = 'login.php' method='post'>
   <tr>
        <td>
                
         <font size="5" face="times new roman">Username</font>
        </td>
        <td>
        <input type='text' name='username' maxlength='200'>
        </td>
   </tr>
    <tr>
        <td></br></br>
                
         <font size="5" face="times new roman">Password</font>
        </td>
        <td>
        <input type='password' name='password' maxlength='200'>
        </td>
   </tr>
   <tr>
       <td align='center' valign='top' colspan='2'>
        <input type='submit' name='Login' value='Login'>
       </td>
           </tr>
   </form>";
?>
Try that I noticed a few minor things with the HTML and you have the <form action line twice.

Re: nothing happens to my login form

Posted: Tue Jan 18, 2011 7:40 am
by shehan31
hi kelly;
Thank you for the reply. It dosent work yet. The error message is "error with table" which is in the sql query. I have removed "mysql_real_escape_string" and now its working. To be honest i havent used that special character escaping function and would like to know whether it makes any difference. Thank you or the support.
Regards
Shehan31 8)
Peter Kelly wrote:

Code: Select all

<?php

$connect = mysql_connect ("localhost","root","") or die ("error");
mysql_select_db ("guestbook") or die ("Error Connecting With The Database");

 if (isset($_POST['Login'])){ 
     
    $username = $_POST['username'];
    $password = md5($_POST['password']);
         
                $queryget = mysql_query("SELECT * FROM login WHERE user=mysql_real_escape_string($username) AND password=mysql_real_escape_string($password)")or die (" error with table");     
                $nr = mysql_num_rows($query_get);
              if($nr==0){
                        
                        echo "you are not authorized";
                        
                  }else{
                    $info=mysql_fetch_array($queryget);
                                 echo"you are authorized";        }
                  
                    

}
echo"
 
 <div id='second_table' style='float: left; width: 800px; position:absolute; top:250px; right:300px'>
 <form action = 'login.php' method='post'>
   <tr>
        <td>
                
         <font size="5" face="times new roman">Username</font>
        </td>
        <td>
        <input type='text' name='username' maxlength='200'>
        </td>
   </tr>
    <tr>
        <td></br></br>
                
         <font size="5" face="times new roman">Password</font>
        </td>
        <td>
        <input type='password' name='password' maxlength='200'>
        </td>
   </tr>
   <tr>
       <td align='center' valign='top' colspan='2'>
        <input type='submit' name='Login' value='Login'>
       </td>
           </tr>
   </form>";
?>
Try that I noticed a few minor things with the HTML and you have the <form action line twice.

Re: nothing happens to my login form

Posted: Tue Jan 18, 2011 7:58 am
by Peter Kelly
Sorry I've just noticed the error when i replied last. You should use

Code: Select all

$queryget = mysql_query("SELECT * FROM login WHERE user='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "'")or die (" error with table");
Making sure you leave the " . and . " in place within the single quotes. This is to help prevent SQL Injection. Not using it leaves your highly vulnerable. But is it working now?