1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:14 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Login Page not working

Login fails even though name and password are correct

         

TheKG

9:18 pm on Dec 27, 2011 (gmt 0)

10+ Year Member Top Contributors Of The Month



I'm having trouble creating a login page. Set up a MySql database and table. The table has 3 fields; id, username & password. Every time I try to log in, I receive the message that the login failed. After hours of research, I still cannot pinpoint where this goes wrong.

Here's the code for the "login.htm" page:

<html>
<body>

<form action="login.php" method="post">
<p>Username
<input type="text" name="username" id="username" />
</p>
<p>Password
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" />
</p>

</form>

</body>

</html>

Here's the code for the "login.php" page:

<?php
session_start();

include('admin/misc2.inc');

$cxn = mysqli_connect($host,$user,$passwd,$dbname) or die ("couldn't connect to server" . mysqli_error());

$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);

$result = mysqli_query($cxn,"SELECT * FROM `members` WHERE username='$myusername' AND password='$mypassword'") or die("cannot execute query");

$num = mysqli_num_rows($result);

if($num > 0)
{

$_SESSION['username'];
header("location:success.php");
}

else
echo "login fail – please click here to <a href=\"login.htm\">login</a>";

?>

Any assistance will be appreciated.

jecasc

9:59 pm on Dec 27, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Should it not be:

else {
echo "login fail – please click here to <a href=\"login.htm\">login</a>";
}

or

else echo "login fail – please click here to <a href=\"login.htm\">login</a>";

Matthew1980

10:26 pm on Dec 27, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there TheKG,

In the structure of the DB have you got the field 'Password' setup as a strightforward varchar() or text() field or are you using some sort of algorithm (Sha1()/md5()/password()) to encrypt the data? if you are, then the query you build up from the provided data needs to reflect this.

And as jecasc correctly notes; the if statement is missing it's else braces.

What I would recommend at the very least is that you echo the populated sql string to screen, copy it and then paste it into your preferred MySql client to see that the populated string actually gives the results that you expect, else you won't progress very far.

And this point raises a good point for building the query OUTSIDE the mysqli_query() function, as this will does and can, improve debugging attempts for you further down the line.

The only other thing that bothers me about this, is the use of $_SESSION's here and how you're populating it on successful login, you're defining it, but not assigning it anything for later use? Maybe you just want the script to function before you concentrate on the aesthetics, but, if you don't assign it, you could end up with undefined index error's - admittedly, you would need to have error_reporting() on to catch 'em, but I thought as I would note it for you.

Have fun with your project,

Cheers,
MRb

AlexK

6:04 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A small, general extra:

When building a site/page, add the following: 

error_reporting( E_ALL );

...and fix *every* error, warning or notice. You cannot imagine how many so-called notices are actually full-blown script errors. Fix them all.

On your public-facing scripts, allow zero errors to show.

On your specific question, far better to store encrypted (md5 is a typical one) and test for password equality to the retrieved value

eg
SELECT `md5` from `db` WHERE `name`='username'

Then:
1 is `name` in the DB at all?
2 if yes, test md5(password)=mysql_md5 (in PHP)

Thus, break it down into small steps and, if you have errors, test one step at a time. Try to resist the urge to cram it all into one huge algorithm.

Matthew1980

6:22 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi all,

As AlexK points out, modular approach to this is best; I will add another thing to this:-

When building a site/page, add the following:

error_reporting( E_ALL );

>>...and fix *every* error, warning or notice.

To do that you would need to have this:-

(Checking for notices)
error_reporting(E_ALL ^ E_NOTICE);

or:-

(for old functions)
error_reporting(E_ALL ^ E_DEPRECATED);

or:-

(for strict standards)
error_reporting(E_ALL ^ E_STRICT);

Hope that makes sense.

Cheers,
MRb
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:14 am Apr 28, 2026