PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem. does anyone see any obvious errors?
<?php
ob_start();
include 'error.php';
include 'dbconnect_silent.php';
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
or die ("Name and password not found or not matched");
$worked = mysql_fetch_array($result);
$username = $worked[username];
$password = $worked[password];
$email = $worked[email];
if($worked){
echo "login successful. now redirecting $user ... please wait";
session_start();
$_SESSION['user'] = $username;
$_SESSION['areyouin'] = true;
header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
error('No match found. Password is incorrect or user does not exist.\\n'.
'Please try again.')
}
ob_flush();
?>
suthie wrote:I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem.
A description of the problem would be nice (I do see in your followup post that you mention a 'blank screen'). What does "not working" mean. What changed from the last time it worked until now?
General observations:
session_start() should be the first line in the script.
You should call ob_end_flush() immediately after the call to header().
You don't bother to escape your POST data.
Unless it's a typo or just looks odd, your SQL statement has 'username'and shoved together.
Your logic as to whether or not the SQL statement worked is a bit flawed. You should use ( mysql_num_rows() == 1 ) to verify that the user validation is correct and exactly 1 user record was returned.
You may have display_errors turned off, try changing your script to display all errors, e.g.
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
ob_start();
include 'error.php';
include 'dbconnect_silent.php';
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
or die ("Name and password not found or not matched");
$worked = mysql_fetch_array($result);
$username = $worked['username'];
$password = $worked['password'];
$email = $worked['email'];
if($worked){
echo "login successful. now redirecting $user ... please wait";
session_start();
$_SESSION['user'] = $username;
$_SESSION['areyouin'] = true;
header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
error('No match found. Password is incorrect or user does not exist.\\n'.
'Please try again.');
}
ob_flush();
?>