Page 1 of 1

login check issue

Posted: Sat Oct 29, 2011 11:58 am
by naveendk.55
Hi, I am trying to perform a login check and redirect the form to index.php if the username and password are correct. Also the login page check if the fields are entered or not.

The issue is that the login check is performing but not redirecting to index.php. Also I'm not getting any error after performing the login check. Let me know if I'm making any errors in below code. Include file only contains the database details.

Code: Select all


<?php include("connections.php"); ?>
<?php
if(isset($_POST['submit']))
{
$errors=array();
$required_fields=array('username', 'pass');
foreach($required_fields as $fields)
{
    if(!isset($_POST[$fields]) || empty($_POST[$fields]))
    {
        $errors[]=$fields;
    }
}

if(empty($errors))
{
   $username=trim($_POST['username']);
   $password =trim($_POST['pass']);
    $query= "SELECT * FROM users WHERE username='{$username}' AND hashed_password='{$password}' ";
    $result=mysql_query($query);
    $result_set=mysql_fetch_array($result);
        if(mysql_num_rows($result_set) == 1)
    {
   header('location: index.php');
   exit;
    }
    else
    {
    echo 'Invalid password';
    }
}
   
} 
 ?>


Re: login check issue

Posted: Sat Oct 29, 2011 2:52 pm
by MikeSpider
Hi,
Try do it this way:

Code: Select all


foreach($required_fields as $fields)
 {
     if( "" == $fields  ){

$errors[]=$fields;
 
}

     {
if( ! $errors){

...
 

Re: login check issue

Posted: Sat Oct 29, 2011 4:56 pm
by Celauran

Code: Select all

if(empty($errors))
{
   $username=trim($_POST['username']);
   $password =trim($_POST['pass']);
    $query= "SELECT * FROM users WHERE username='{$username}' AND hashed_password='{$password}' ";
    $result=mysql_query($query);
    $result_set=mysql_fetch_array($result);
        if(mysql_num_rows($result_set) == 1)
    {
   header('location: index.php');
   exit;
    }
A few things. First, you're not sanitizing your data before passing into a query. This is just asking for trouble. That aside, you seem to be taking the plaintext password from your form and passing it into a query that's expecting a hashed password, which would explain why you aren't getting any results. Finally, don't SELECT * ever. Since all you're interested in here is the number of rows returned, why not SELECT COUNT(*)?

Re: login check issue

Posted: Sat Oct 29, 2011 5:05 pm
by flying_circus
Celauran submitted his post while I was typing mine, and he covered just about everything I was going to say. ( Escape your data! )

The reason your script is likely failing is because of this line:

Code: Select all

if(mysql_num_rows($result_set) == 1)
You are checking the num_rows of a record, NOT the record set. Try changing it to:

Code: Select all

if(mysql_num_rows($result) == 1)

Re: login check issue

Posted: Sat Oct 29, 2011 5:09 pm
by Celauran
flying_circus wrote:The reason your script is likely failing is because of this line:

Code: Select all

if(mysql_num_rows($result_set) == 1)
You are checking the num_rows of a record, NOT the record set. Try changing it to:

Code: Select all

if(mysql_num_rows($result) == 1)
Good catch. I completely missed that.