-1

I have no idea why this isn't working.

I'm a beginner programmer trying to get to grips with a basic login system but I keep getting a server error 500

"The website encountered an error while retrieving http://localhost:8888/checklogin.php. It may be down for maintenance or configured incorrectly."

I'm trying to follow this tutorial http://www.phpeasystep.com/phptu/6.html

I'm using MAMP and I seem to have the db created ok because when I run a test script, it can echo the username and password

Here's my code

main_login.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

checklogin.php

<?php

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="root"; // Mysql password 
$db_name="Carepackage"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

login_success.php

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>
Nyhan
  • 111
  • 2
  • 2
  • 12
  • 1
    You should show errors http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php And you're using a _horrible_ tutorial. Find something that uses PDO or Mysqli and use prepared queries (binding variables) and the password_hash api. – JimL Jan 17 '16 at 21:21
  • Locate the error logging file and post the error (Likely a syntax error) – Matt Jan 17 '16 at 21:24
  • you're using 3 deprecated functions. `mysql_*` and `session_register()` and `session_is_registered()`. – Funk Forty Niner Jan 17 '16 at 21:24
  • 2
    Please don't use that tutorial. This looks like a better tutorial (honestly I've just checked if it uses PDO and the Password Hashing API) http://www.codingcage.com/2015/04/php-login-and-registration-script-with.html – Charlotte Dunois Jan 17 '16 at 21:37

1 Answers1

-1

For starters, dont use the mysql class, use mysqli, it´s newer and safer for injections.

You don´t actually have a form tag in the main_login.php, you should wrap the code you have in 

<form action="checklogin.php" type="post">
//Your current code
</form>

and then check out the mysqli object documentation instead.

Daniel Lind
  • 97
  • 5