Page 1 of 1

php login script

Posted: Fri May 01, 2009 12:20 pm
by AVerbatim
I am trying to use the code below for a login system on my website.

login.php

Code: Select all

<?
session_start();
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
 
<body>
<?
if(!isset($user) | !isset($password)) {
 
?>
<form action="<?=$PHP_SELF?><? if($QUERY_STRING){ echo"?". $QUERY_STRING;} ?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
 <tr>
  <th>
Username:
  </th>
  <th>
<input type="text" name="user">
  </th>
 </tr>
 <tr>
  <th>
Password:
  </th>
  <th>
<input type="password" name="password">
  </th>
 </tr>
 <tr>
  <th colspan="2" align="right">
<input type="submit" value="Login">
</form>
  </th>
 </tr>
</table>
</body>
</html>
<?
exit();
}
 
session_register("user");
session_register("password"); 
 
 
include ("connection.php");
 
$sql = mysql_query("SELECT password FROM admin WHERE user = '$user'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
 
if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
 
 
if (!($valid_user))
{
session_unset();   
session_destroy(); 
 
?>
<form action="<?=$PHP_SELF?><? if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
 <tr>
  <th>
Username:
  </th>
  <th>
<input type="text" name="user">
  </th>
 </tr>
 <tr>
  <th>
Password:
  </th>
  <th>
<input type="password" name="password">
  </th>
 </tr>
 <tr>
  <th colspan="2" align="right">
<input type="submit" value="Login">
</form>
  </th>
 </tr>
</table>
</body>
</html>
<?
exit();
}
?>
 
</body>
</html>
 
I then put include('login.php'); at the top of the page that only the admin can view. It all works fine until I enter in the user name and password. It keeps telling me that I have entered in incorrect login information and therefore will not let me proceed.

Can someone please help?

Thanks

Re: php login script

Posted: Fri May 01, 2009 12:29 pm
by watson516
I might be mistaken but I believe you need two & in your If statement. You are checking if mysql_num_rows returns "0" but it should just be 0. You might also want to use $_GET/$_POST. And the last thing I noticed is that you should probably not use short tags (<? ?>) but stick with <?php ?>. Short tags don't work on all servers. You would also have to change the <?= to <?php echo.

Re: php login script

Posted: Sat May 02, 2009 4:30 pm
by McInfo
You want to use Logical Operators, not Bitwise Operators.

Edit: This post was recovered from search engine cache.