php login script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
AVerbatim
Forum Newbie
Posts: 1
Joined: Fri May 01, 2009 12:12 pm

php login script

Post by AVerbatim »

I am trying to use the code below for a login system on my website.

login.php

Code: Select all

<?
session_start();
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
 
<body>
<?
if(!isset($user) | !isset($password)) {
 
?>
<form action="<?=$PHP_SELF?><? if($QUERY_STRING){ echo"?". $QUERY_STRING;} ?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
 <tr>
  <th>
Username:
  </th>
  <th>
<input type="text" name="user">
  </th>
 </tr>
 <tr>
  <th>
Password:
  </th>
  <th>
<input type="password" name="password">
  </th>
 </tr>
 <tr>
  <th colspan="2" align="right">
<input type="submit" value="Login">
</form>
  </th>
 </tr>
</table>
</body>
</html>
<?
exit();
}
 
session_register("user");
session_register("password"); 
 
 
include ("connection.php");
 
$sql = mysql_query("SELECT password FROM admin WHERE user = '$user'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
 
if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
 
 
if (!($valid_user))
{
session_unset();   
session_destroy(); 
 
?>
<form action="<?=$PHP_SELF?><? if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
 <tr>
  <th>
Username:
  </th>
  <th>
<input type="text" name="user">
  </th>
 </tr>
 <tr>
  <th>
Password:
  </th>
  <th>
<input type="password" name="password">
  </th>
 </tr>
 <tr>
  <th colspan="2" align="right">
<input type="submit" value="Login">
</form>
  </th>
 </tr>
</table>
</body>
</html>
<?
exit();
}
?>
 
</body>
</html>
 
I then put include('login.php'); at the top of the page that only the admin can view. It all works fine until I enter in the user name and password. It keeps telling me that I have entered in incorrect login information and therefore will not let me proceed.

Can someone please help?

Thanks
Last edited by Benjamin on Fri May 01, 2009 12:44 pm, edited 1 time in total.
Reason: Changed code type from text to php.
watson516
Forum Contributor
Posts: 198
Joined: Mon Mar 20, 2006 9:19 pm
Location: Hamilton, Ontario

Re: php login script

Post by watson516 »

I might be mistaken but I believe you need two & in your If statement. You are checking if mysql_num_rows returns "0" but it should just be 0. You might also want to use $_GET/$_POST. And the last thing I noticed is that you should probably not use short tags (<? ?>) but stick with <?php ?>. Short tags don't work on all servers. You would also have to change the <?= to <?php echo.
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: php login script

Post by McInfo »

You want to use Logical Operators, not Bitwise Operators.

Edit: This post was recovered from search engine cache.
Post Reply