login check issue

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
naveendk.55
Forum Newbie
Posts: 24
Joined: Tue Aug 16, 2011 10:13 am

login check issue

Post by naveendk.55 »

Hi, I am trying to perform a login check and redirect the form to index.php if the username and password are correct. Also the login page check if the fields are entered or not.

The issue is that the login check is performing but not redirecting to index.php. Also I'm not getting any error after performing the login check. Let me know if I'm making any errors in below code. Include file only contains the database details.

Code: Select all


<?php include("connections.php"); ?>
<?php
if(isset($_POST['submit']))
{
$errors=array();
$required_fields=array('username', 'pass');
foreach($required_fields as $fields)
{
    if(!isset($_POST[$fields]) || empty($_POST[$fields]))
    {
        $errors[]=$fields;
    }
}

if(empty($errors))
{
   $username=trim($_POST['username']);
   $password =trim($_POST['pass']);
    $query= "SELECT * FROM users WHERE username='{$username}' AND hashed_password='{$password}' ";
    $result=mysql_query($query);
    $result_set=mysql_fetch_array($result);
        if(mysql_num_rows($result_set) == 1)
    {
   header('location: index.php');
   exit;
    }
    else
    {
    echo 'Invalid password';
    }
}
   
} 
 ?>

MikeSpider
Forum Commoner
Posts: 25
Joined: Sat Oct 22, 2011 6:45 pm

Re: login check issue

Post by MikeSpider »

Hi,
Try do it this way:

Code: Select all


foreach($required_fields as $fields)
 {
     if( "" == $fields  ){

$errors[]=$fields;
 
}

     {
if( ! $errors){

...
 
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: login check issue

Post by Celauran »

Code: Select all

if(empty($errors))
{
   $username=trim($_POST['username']);
   $password =trim($_POST['pass']);
    $query= "SELECT * FROM users WHERE username='{$username}' AND hashed_password='{$password}' ";
    $result=mysql_query($query);
    $result_set=mysql_fetch_array($result);
        if(mysql_num_rows($result_set) == 1)
    {
   header('location: index.php');
   exit;
    }
A few things. First, you're not sanitizing your data before passing into a query. This is just asking for trouble. That aside, you seem to be taking the plaintext password from your form and passing it into a query that's expecting a hashed password, which would explain why you aren't getting any results. Finally, don't SELECT * ever. Since all you're interested in here is the number of rows returned, why not SELECT COUNT(*)?
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: login check issue

Post by flying_circus »

Celauran submitted his post while I was typing mine, and he covered just about everything I was going to say. ( Escape your data! )

The reason your script is likely failing is because of this line:

Code: Select all

if(mysql_num_rows($result_set) == 1)
You are checking the num_rows of a record, NOT the record set. Try changing it to:

Code: Select all

if(mysql_num_rows($result) == 1)
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: login check issue

Post by Celauran »

flying_circus wrote:The reason your script is likely failing is because of this line:

Code: Select all

if(mysql_num_rows($result_set) == 1)
You are checking the num_rows of a record, NOT the record set. Try changing it to:

Code: Select all

if(mysql_num_rows($result) == 1)
Good catch. I completely missed that.
Post Reply