
Login interface

Posted: Tue Dec 13, 2011 3:45 am
by aquilina
I am having a problem with my login interface. This is my screenshot of my login interface: http://prntscr.com/4lbt6 ... Just now I tried the login part. I didn't insert anything in the username and password, and this appears for me: http://prntscr.com/4lbtn .. It should appear like this: http://prntscr.com/4lbsz if the username and password are not inserted.

Below is my login part code

Code: Select all

<?php
if (isset($_SESSION['usernamejob']))
{
    echo "<center><br>Hello, <font color=\"blue\">".$_SESSION['usernamejob'].".<br /><br /></center></font>";
    include("ucp.php");
    echo
    "<center>
        <input type=\"submit\" name=\"Logout\" value=\"Logout\" onClick=\"parent.location='?page=logout'\" />
    </center>";
}
else
{
    if (!isset($_POST['login_x']))
    {
        echo
        "<table border=\"0\" >
            <tr>
            <form method=\"POST\">
            <tr> Username:</tr>
            <tr><input class=\"cleardefault\" size=\"14\" type=\"text\" name=\"usernamejob\" maxlength=\"12\" style=\"width: 170px;\" />
            <tr> Password:</tr>
            <tr><input class=\"cleardefault\" size=\"14\" type=\"password\" name=\"password\" style=\"width: 170px;\" />
            <center>
            </tr>
            </table>
            <table>
            <tr>
            <br/><center>
            <input type=\"image\"  src=\"images/login.png\" name=\"login\" value=\"Login\" alt=\"login\"  /></form></center>
            </tr>
        </center>
        </table>";
    }
    else
    {
        $usernamejob = $_POST['usernamejob'];
        $password = $_POST['password'];

        if ($usernamejob&&$password)
        {
            $conn = mysql_connect("localhost","root","") or die ("Cannot connect!");
            mysql_select_db("job_seeks") or die("cannot find the db");
            $usernamejob = mysql_real_escape_string($_POST['usernamejob']);
            $password = mysql_real_escape_string($_POST['password']);
            $query = mysql_query("SELECT * FROM employee_user WHERE usernamejob='$usernamejob'");
            $numrows = mysql_num_rows($query);
            if ($numrows!=0)
            {
                while ($row = mysql_fetch_assoc($query))
                {
                    $dbemployee_id = $row['employee_id'];
                    $dbusernamejob = $row['usernamejob'];
                    $dbpassword = $row['password'];
                }
                if ($usernamejob==$dbusernamejob&&$password==$dbpassword)
                {
                    $_SESSION['employee_id']=$dbemployee_id;
                    $_SESSION['usernamejob']=$dbusernamejob;
                }
                echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=\"?page=index\">";
            }
            else
            {
                echo "<br />The username or password is incorrect. Please try again.<br>You will be redirected in 3 seconds<br />
                    <meta http-equiv='refresh' content='4;url=\"?page=index\"'><br />";
            }
        }
    }
}
?>

Re: Login interface

Posted: Tue Dec 13, 2011 4:27 am
by social_experiment

Code: Select all

 echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=\"?page=index\">";
What happens if you comment this out of your code? If you want to redirect to a different page on login success, it is better to use header('location: resultpage.php'). It should also be in the conditional statement that is executed when login is successful. The example below illustrates what I have in mind.

Code: Select all

<?php
 // got results from the database
 if ($results == 1) {
    // user details exist so log them in
    header('location: loggedIn.php');
    exit; // stop the script so nothing runs after the redirect header
 }
 else {
    // wrong details; try again
    echo 'Wrong details, please try again';
 }
?>
There are a few issues with the script below which you should look at: hashing your passwords and proper checking of user input. If you have the current problem solved, you can move on to them.

Hth

Re: Login interface

Posted: Thu Dec 22, 2011 11:21 am
by egg82
echo is always nice. Remove the redirect and test your code piece by piece.
i.e. echo the submitted user/pass, then echo the submitted hashed password, then echo the user/pass in the DB

That should tell you where you went wrong


Though I agree, md5 hashing is simply not strong enough anymore. Use a Blowfish encryption on top of that
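
Added example (not code from any post in this thread): one way to apply the advice above about empty input, password hashing and input handling, using a PDO prepared statement and PHP's `password_hash()`/`password_verify()` with bcrypt, the Blowfish-based hash. Table and column names follow the original post; the in-memory SQLite database, the sample users and the function name `check_login` are assumptions made so the script runs on its own (PHP 7.4+ with pdo_sqlite).

```php
<?php
// Added example, not code from the thread. check_login() is a hypothetical
// helper; the SQLite database below is a constructed stand-in for job_seeks.
declare(strict_types=1);

/** Returns 'empty', 'bad' or 'ok'; 'bad' never says which field was wrong. */
function check_login(PDO $db, string $user, string $pass): string
{
    if (trim($user) === '' || $pass === '') {
        return 'empty';               // nothing submitted: ask again, skip the query
    }
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT employee_id, password FROM employee_user WHERE usernamejob = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so both paths cost the same.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT);
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    return ($row && $ok) ? 'ok' : 'bad';
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee_user (employee_id INTEGER PRIMARY KEY,
           usernamejob TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO employee_user (usernamejob, password) VALUES (?, ?)');
// Only the salted bcrypt hash is stored, never the password itself.
$ins->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT)]);

// Constructed inputs: empty form, wrong password, unknown name with a quote, valid login.
$cases = [
    ['', ''],
    ['alice', 'wrong'],
    ["o'neil", 'anything'],
    ['alice', 'correct horse'],
];
foreach ($cases as [$u, $p]) {
    printf("%-12s => %s\n", var_export($u, true), check_login($db, $u, $p));
}
```

In the page handler, send the `header()` redirect followed by `exit` only when the result is `'ok'`, and call `session_regenerate_id(true)` before writing to `$_SESSION`.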