How To Fix Login Form In PHP

Question

Whenever I try to login with the simple page I made. But there is a problem with the lookup to see if that information is in the database or not. All it requires is you to login in with username and password.

Here is the html form :

<p> Login </p>

<form action='login.php' method='POST'>
<input type='text' name='username'/><br>
<input type='password' name='password'/><br>
<input type='submit' name='submit' value='Login'/>

</form>

Here is the script for that form :

<?php

error_reporting(0);

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

include ("connect.php");

if ($username && $password) {

    // Info Is Provided
    $queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    $numrow = mysql_numrows($queryget);
    if ($numrow != 0) {

        $_SESSION['username'] = $username;

        echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";

    } else {

        echo "Your Username Was Not Found";

    }

} else {

    echo "You Did Not Provide All OF The Neccesary Information.";
    include ("index5.php");

}


 ?>

Can you figure why it won't let me Login?

What happens when you try to log in? Does it say Username not found? — AdRock, Dec 03 '13 at 11:18
please use `mysql_error` to find if database have error: http://www.w3schools.com/php/func_mysql_error.asp — Hamed mayahian, Dec 03 '13 at 11:23
Offtopic but.. unless this is for home/internal use you really should hash your passwords. — cen, Dec 03 '13 at 11:25
So I turned error reporting on and it said this Notice: Undefined index: username and Notice: Undefined index: password. What does this mean? — JayThurman, Dec 03 '13 at 11:25
I know i just working on something for another thing. i use md5 hashing. — JayThurman, Dec 03 '13 at 11:26
as @joke_Sense10 told you should use `$_ISSET` http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index — Hamed mayahian, Dec 03 '13 at 11:29

score 3 · Answer 1 · answered Dec 03 '13 at 11:18

3

Change this:

$numrow = mysql_numrows($queryget);

To:

$numrow = mysql_num_rows($queryget);

And also use isset function in the if condition:

if(isset($username) && isset($password)){

answered Dec 03 '13 at 11:18

Joke_Sense10

5,341
2
18
22

1

Change to if (isset($username) && isset($password)) { – AdRock Dec 03 '13 at 11:20
replace the line under include ("connect.php"); – AdRock Dec 03 '13 at 11:22

score 0 · Answer 2 · answered Dec 03 '13 at 11:26

You probably had whitespace after the closing ?>

<?php

error_reporting(0);

session_start();

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

include ("connect.php");

if (isset($username) && isset($password)) {

    // Info Is Provided
    $queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    $numrow = mysql_num_rows($queryget);
    if ($numrow != 0) {

        $_SESSION['username'] = $username;

        echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";

    } else {

        echo "Your Username Was Not Found";

    }

} else {

    echo "You Did Not Provide All OF The Neccesary Information.";
    include ("index5.php");

}

?>

Does it still say username not found? Are you sure that username is in the database and the username/password combination are correct? — AdRock, Dec 03 '13 at 11:31

score 0 · Answer 3 · answered Dec 04 '13 at 17:02

Hi the problem you are having may have something to do with the version of PHP you are using, MySQL is outdated and does not function on the latest versions, it have changed to MySQL which is similar so its defiantly worth learning. The code below is similar to yours only I have removed the include to connect.php and replaced it with MySQLi. I have also made a change to the query limiting only one item to return.

$username = $_POST['username'];
$password = $_POST['password'];


$Connect = mysqli_connect($host,$user,$pass,$database);

if (isset($username) && isset($password))
{
    // Info Is Provided
    $queryget = mysqli_query($Connect, "SELECT * FROM users WHERE username='$username'     AND password='$password' LIMIT 1");
    $numrow = mysqli_num_rows($queryget);
    if ($numrow == 1)
    {
        $_SESSION['username'] = $username;
        echo "You Have Been Logged In. | <a href='members.php'>Go To The Members Page</a>";
    }
    else 
    {
    echo "Your Username Was Not Found";
    }
} 
else 
{
    echo "You Did Not Provide All OF The Neccesary Information.";
    include ("index5.php");
}
?>

How To Fix Login Form In PHP

3 Answers3