0
<?php
include("includes/connect.php");

if(isset($_POST['login'])){

$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];

$admin_query = "select * from admin_login where user_name='$user_name' AND user_pass='$user_pass'";

$run=mysql_query($admin_query);

if(mysql_num_rows($run)>0){
//echo (mysql_num_rows($run));

$_SESSION['user_name']=$user_name;
header('location:index.php');
//echo "<script>window.open('index.php','_self')</script>";
}
else{
echo "<script>alert('User name or password is incorrect')</script>";
}

}
?>

I am unable to log in to the index page. When I give the wrong credentials, it pops up the error. But when I give the right credentials, it doesn't pop up any error, but I still am not able to log in. Please help.

I have included this on my index.php

<?php
 session_start();
if(!isset($_SEESION['user_name'])){
header("location:login.php");
}
else {
?>
zzlalani
  • Have you also called `session_start()` in the login page or in some file it includes? – Guilherme Sehn Nov 24 '13 at 15:36
  • Your code is insecure. Anyone can log in by making their password `' OR 1 = 1 --` provided they have a valid username. The number of new web developers who haven't a clue about security is what leads to data breaches. Look up OWASP (Open Web Application Security Project) and start using PDO. – Amelia Nov 24 '13 at 15:37
  • @GuilhermeSehn you should post as an answer. – Jorge Campos Nov 24 '13 at 15:40
  • alert!!! mysql_* functions are deprecated http://stackoverflow.com/q/12859942/829533 – zzlalani Nov 24 '13 at 15:42

3 Answers

1

Add session_start(); at the top of your code; it's because you can't save a session variable unless the session is started and your $_SESSION['user_name']=$user_name; doesn't do anything currently.

And your code is vulnerable to SQL injection attacks, read this question on how to prevent them.

Community
0

Try to use

if(!isset($_SESSION['user_name'])){

instead of

if(!isset($_SEESION['user_name'])){

index.php - Added session_start(); // added here

<?php session_start(); // added here
include("includes/connect.php");

    if(isset($_POST['login'])){

        $user_name = $_POST['user_name'];
        $user_pass = $_POST['user_pass'];

        $admin_query = "select * from admin_login where user_name='$user_name' AND user_pass='$user_pass' ";

        $run=mysql_query($admin_query);

        if(mysql_num_rows($run)>0){
            //echo (mysql_num_rows($run));

            $_SESSION['user_name']=$user_name;
            header('location:index.php');
            //echo "<script>window.open('index.php','_self')</script>";
        }
        else{
            echo "<script>alert('User name or password is incorrect')</script>";
        }

    }

 ?>
Krish R
0

You need to add session_start(); to the file in which you are setting a session. Add this at the beginning of your code:

<?php
session_start();
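
The login flow from the question with the fixes raised in the comments and answers applied (session started first, prepared statement instead of string-built SQL, hashed password check), as an added example that is not code from any of the posters. Assumptions: an in-memory SQLite database stands in for includes/connect.php, the admin row and its password are constructed, user_pass holds a password_hash() digest, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);
session_start(); // must run before any output and before $_SESSION is used

// Constructed demo data: in-memory SQLite stands in for includes/connect.php.
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin_login (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL)');
    // Assumption: user_pass stores a password_hash() digest, not the plaintext.
    $pdo->prepare('INSERT INTO admin_login VALUES (?, ?)')
        ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $user_name, string $user_pass): bool {
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT user_pass FROM admin_login WHERE user_name = ?');
    $stmt->execute([$user_name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($user_pass, $hash);
}

// Returns the redirect target; a real page would send
// header("Location: $target"); exit; so nothing after the redirect runs.
function handle_login(PDO $pdo, array $post): string {
    $user = is_string($post['user_name'] ?? null) ? $post['user_name'] : '';
    $pass = is_string($post['user_pass'] ?? null) ? $post['user_pass'] : '';
    if (!check_login($pdo, $user, $pass)) {
        return 'login.php';
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['user_name'] = $user;
    return 'index.php';
}

$pdo = make_demo_db();
$attempts = [ // constructed inputs; the first is the string quoted in the comments
    'injection string' => ['user_name' => 'admin', 'user_pass' => "' OR 1 = 1 --"],
    'wrong password'   => ['user_name' => 'admin', 'user_pass' => 'guess'],
    'valid login'      => ['user_name' => 'admin', 'user_pass' => 'correct horse'],
];
$results = array_map(fn(array $p): string => handle_login($pdo, $p), $attempts);
foreach ($results as $label => $target) {
    echo "$label -> $target\n";
}
echo 'session user: ', $_SESSION['user_name'] ?? '(none)', "\n";
```

The results are collected before anything is echoed because session_regenerate_id() must run before output is sent.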