PHP, mySQL, and xampp login form problems

Question

I'm creating a Log-in Form for my employees. I think there's a port problem with my local host port for mySQL on xampp but I don't know. Aren't Apache and mySQL supposed to be run from the same port? but anyway...

On xampp, my apache port is 8080 so "localhost:8080". My mySQL port is 3306 so I used "localhost:3306" for my "$host" variable in my php. Now, "login.php" is the "form action" I used in my html which is also the name of the document, so my php and my html are all on the same page - no separate documents; just to clear that up.

The problem: When I click the equivalent of "submit", none of my "echoed" or "error" code goes through. Basically, the page stays the same. Nothing happens. If I screw up the password on purpose, none of my errors come through. I stay on the same page, unable to see if ANYTHING worked. There's nothing to show me if what I did worked or not.

My phpMyAdmin database name is "accounts" and the table is named "users".

My php is located here

My html is located here

Again:

PHP

<?php
    session_start();
    $host = "localhost:3306";
    $user = "root";
    $pass = "password";
    $db = "accounts";

    mysql_connect($host, $user, $pass);
    mysql_select_db($db);

    if (isset($_POST['user'])) {
        $username = $_POST['user'];
        $password = $_POST['pass'];
        $sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1";
        $res = mysql_query($sql);
        if (mysql_num_rows($res) == 1) {
            echo "You have successfully logged in.";
            exit();
        } else {
            echo "Invalid login information. Please return to the previous page.";
            exit();
        }
    }
?>

HTML

<form action="login.php" method="post">
<p>User</p><input type="text" name="user" size="30" />
<p>Pass</p><input type="password" name="pass" size="30" />
</br><p><submit><input type="submit" name="submit" value="Log In" /></submit></p>
</form>

Please help. I have to get this up and running for an event I have in a week and a half and I still have a LOT of work to do because this has taken me too long.

Thank You, Dan

@SverriM.Olsen The last brace is for `if (isset($_POST['user']))` and OP might have made a typo and meant to do `session_start();` - Many a time, it's a bad copy/paste. Edit: You've edited your comment in regards to my first part. — Funk Forty Niner, Jan 19 '15 at 03:38
Add error reporting to the top of your file(s) right after your opening ` — Funk Forty Niner, Jan 19 '15 at 03:40
You're using the wrong variables in `$sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1";` look at these `$username = $_POST['user']; $password = $_POST['pass'];` error reporting would have thrown an Undefined variable notice. — Funk Forty Niner, Jan 19 '15 at 03:44
I'm getting "Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in C:\xampp\htdocs\test\Project.Orange\staff\login.php on line 9 Invalid login information. Please return to the previous page." — Daniel Johnson, Jan 19 '15 at 03:46
I do not know which version of php I'm using. I'm new to php. is there any way to tell? — Daniel Johnson, Jan 19 '15 at 03:47
$sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1"; What do you mean by the wrong variables? How should that line of code be structured then? — Daniel Johnson, Jan 19 '15 at 03:49
Reload my answer below, I've made a `mysqli_` version near the bottom. — Funk Forty Niner, Jan 19 '15 at 03:51

score 2 · Accepted Answer · edited May 23 '17 at 12:09

You're using the wrong variables in

$sql = "SELECT * FROM users WHERE User='".$user."' AND Pass='".$pass."' LIMIT 1";

Look at these, those are the variables you should be using.

$username = $_POST['user'];
$password = $_POST['pass'];`

Error reporting would have thrown an Undefined variable notice.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Plus this:

<submit><input type="submit" name="submit" value="Log In" /></submit>

<submit></submit> are invalid tags; remove them.

I would also like to note that your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.

Edit:

As per your comment about deprecation, it's time for you to move to mysqli_ or PDO.

Here is a mysqli_ basic version and variables fix:

<?php
session_start();
$host = "localhost:3306";
$user = "root";
$pass = "password";
$db = "accounts";

$connect = mysqli_connect($host, $user, $pass, $db);

if (isset($_POST['user'])) {
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $sql = "SELECT * FROM users WHERE User='".$username."' AND Pass='".$password."' LIMIT 1";
    $res = mysqli_query($connect, $sql) or die (mysqli_error($connect));
    if (mysqli_num_rows($res) == 1) {
    echo "You have successfully logged in.";
    exit();
} else {
    echo "Invalid login information. Please return to the previous page.";
    exit();
}
}
?>

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.

For PHP < 5.5 use the password_hash() compatibility pack.

Thank you very much! It works perfectly! I will learn mySQLi. Thanks again. You saved me a bunch of time! — Daniel Johnson, Jan 19 '15 at 03:56

PHP, mySQL, and xampp login form problems

1 Answers1