I'm working on my school project and I need a simple login functionality. It was working 20 minutes ago but then I perhaps made some mistake. It doesn't show any error message. The database seems to be alright.

'jmeno' = name, 'heslo' = password

<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");

    if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
        $username = $_POST['heslo'];
        $password = $_POST['jmeno'];
        /* defends SQL injection */
       // $username = stripslashes($username);
        //$password = stripslashes($password);
        //$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
        //$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);

         $sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."'  AND heslo = '".$password."' LIMIT 1";

        $result = mysqli_query($mysqli, $sqllogin);
        if (!$result) {
        die(mysqli_error($mysqli));
        }
        $count = mysqli_num_rows($result);       

        if ($count == 1) {
        session_start();
        $_SESSION['loggedin'] = true;
        header('Location: home.php');

        }else {

        echo "<script language='javascript'>alert('Wrong password!');</script>";
    }
    }
?>
BenMorel
Václav Zeman

2 Answers

I think you mixed up the POST values. Try:

$username = $_POST['jmeno'];
$password = $_POST['heslo'];
Paul

I suggest debugging as follows:

<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");

    if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
        $username = $_POST['heslo'];
        $password = $_POST['jmeno'];
        /* defends SQL injection */
       // $username = stripslashes($username);
        //$password = stripslashes($password);
        //$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
        //$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);

         $sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."'  AND heslo = '".$password."' LIMIT 1";


        echo $sqllogin; //check the sql query string
        $result = mysqli_query($mysqli, $sqllogin);
        print_r($result);
        if (!$result) {
        die(mysqli_error($mysqli));
        }
        $count = mysqli_num_rows($result);       

        if ($count == 1) {
        session_start();
        $_SESSION['loggedin'] = true;
        header('Location: home.php');

        }else {

        echo "<script language='javascript'>alert('Wrong password!');</script>";
    }
    }
?>

If the SQL string seems correct, try querying the database directly and check the output. Probably it's not getting the $_POST vars there, and not returning a valid $result. Also, I suggest you not handle and save passwords like that, but use hash functions like md5(string).

liu
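
An added example, not code from the question or from either answer: the same login check with the POST fields assigned the right way round, the query sent as a prepared statement, and the password compared with PHP's password_verify(). It assumes the `heslo` column stores password_hash() output rather than the plain password, and `check_login` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's or the answerers' code.
// Assumption: prihlaseni.heslo is VARCHAR(255) and was filled at registration
// with password_hash($plainPassword, PASSWORD_DEFAULT).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
$mysqli = new mysqli("localhost", "admin", "admin", "uzivatele");
$mysqli->set_charset("utf8mb4");

/**
 * Hypothetical helper: true when $username exists and $password matches
 * the hash stored for it.
 */
function check_login(mysqli $db, string $username, string $password): bool
{
    // The user name is bound as a parameter, so it is never parsed as SQL.
    $stmt = $db->prepare("SELECT heslo FROM prihlaseni WHERE jmeno = ? LIMIT 1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row fetched, null = no such user
    $stmt->close();

    if ($found !== true) {
        return false;
    }
    // Compares the submitted password against the stored salted hash.
    return password_verify($password, $hash);
}

if (isset($_POST['jmeno'], $_POST['heslo'])) {
    // 'jmeno' = name, 'heslo' = password
    if (check_login($mysqli, $_POST['jmeno'], $_POST['heslo'])) {
        session_start();
        session_regenerate_id(true);   // fresh session ID after authentication
        $_SESSION['loggedin'] = true;
        header('Location: home.php');
        exit;                          // stop the script after the redirect
    }
    // Same message for unknown user and wrong password.
    echo "<script>alert('Wrong name or password!');</script>";
}
```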