
I can't get my login function to work. For some reason, it doesn't properly create the session. I hope someone finds the error in my code and is able to help me. Don't worry about all the GETs and the unencrypted password (I am not selecting it encrypted, only inputting it); it will come as soon as I get the PHP to work. I just entered a database input with an unencrypted password and a username. For some reason I always get the output "your username or password is wrong". It's refusing to go into the if case, and therefore it's not creating the session.

```php
if (isset($_GET["login"])) {
    login_DB();
}

// Function definition of the login
function login_DB() {
    if (empty($_GET['username']) || empty($_GET['password'])) {
        $error = "Please enter a Username and a Password";
        echo $error;
    } else {
        require("dbconnect.php");
        $username = $_GET['username'];
        $password = $_GET['password'];

        // SQL query for the database lookup
        $query = "select * from login where password='$password' AND username='$username'";
        $result = $con->query($query);
        var_dump($result);

        if ($result->num_rows > 0) {
            session_start();
            // Store Session Data
            $_SESSION['login_user'] = $username;  // Initializing Session with value of PHP Variable
            echo $_SESSION['login_user'];
            echo"you are no logged in";
        } else {
            echo "Your username or password is wrong";
        }
    }
}
```

```html
<div id="loginregisterdiv">
    <form action="M133_A_140.php" method="get">
        <input type="text" name="username">
        <input type="password" name="password">
        <input type="submit" name="login" value="Login" onclick="insert()" />
        <input type="submit" name="register" value="Registrieren"/>
    </form>
</div>
```
Econ
  • Have you tried changing the query to have fixed username and password which you know is valid (test the query) and see if the if statement validates? also it might be worth outputting `$result->num_rows` –  Jan 19 '16 at 13:48
  • @Sephedo just tried it, it didn't work.... thanks though – Econ Jan 19 '16 at 13:51
  • sidenote: don't send info like that through a GET, use POST. – Funk Forty Niner Jan 19 '16 at 13:56
  • @Fred-ii- please read my description :) will be changed as soon as I get the essential code running – Econ Jan 19 '16 at 13:57
  • so what does this do? `onclick="insert()"` seems you're using JS but not showing us. Check for errors, check your console. – Funk Forty Niner Jan 19 '16 at 13:57
  • Better put `session_start();` at the top. That `var_dump($result);` coming before `session_start();` may affect it. – birraa Jan 19 '16 at 13:57
  • plus, if you happen to be using the same variables for your connection for both username and password, then that could do it. hard to say why your code's failing you, but I've answered quite a few questions because of just that. – Funk Forty Niner Jan 19 '16 at 13:59
  • People suggest you use a cookie, I don't know why.... Well, first of all run your query manually in phpMyAdmin ... **select * from login where password='yourpassword' AND username='yourusername'** – devpro Jan 19 '16 at 14:01
  • and if those other functions are related to `require("dbconnect.php");` then that's another unknown. If that code you've shown us is all that you have, then that's failing you. If it's not being shown on other pages, then make sure you check for errors in there also, because you're using sessions, those are only associated with subsequent pages. no idea how this is coming from `$_GET["login"]`. again, check for errors. you have answers below. – Funk Forty Niner Jan 19 '16 at 14:01
  • Copy and paste this at the top of the PHP file: `error_reporting(-1);` It'll show you what kind of error you have – Puya Sarmidani Jan 19 '16 at 14:05
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jan 19 '16 at 14:19
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Jan 19 '16 at 14:19
  • I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."*. If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Jan 19 '16 at 14:20
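
The prepared-statement and password-hashing advice from the comments above, as an added example that is not part of the original question or of any comment. It assumes PDO with an in-memory SQLite table standing in for the asker's `login` table; `make_demo_db()`, `check_login()` and the sample accounts are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumption: an in-memory SQLite table
// stands in for the `login` table so the script runs without dbconnect.php.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed sample accounts; only the password_hash() output is stored.
    $ins = $db->prepare('INSERT INTO login (username, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true only if the user exists and the password matches the stored hash.
function check_login(PDO $db, string $username, string $password): bool
{
    // Placeholder binding: the submitted value is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT password FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // Compare against the hash in PHP instead of matching the password in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

$db = make_demo_db();
// Constructed inputs: a valid login, a wrong password, an unknown user, and a
// name containing a quote, which would alter the text of a concatenated query.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['mallory', 'correct horse'],
    ["o'brien", 'battery staple'],
];
foreach ($attempts as [$user, $pass]) {
    $ok = check_login($db, $user, $pass);
    printf("%-10s => %s\n", $user, $ok ? 'logged in' : 'rejected');
}
```

On a real page, a successful `check_login()` would be followed by `session_start()` (called before any output) and the `$_SESSION['login_user']` assignment from the question, with the credentials read from `$_POST` rather than `$_GET`.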

1 Answer


Try to set a cookie with:

```php
setcookie("cookie_name", "cookie_value", time() + (86400 * 30), "/"); // 86400 = 1 day
```

and read it with:

```php
$myvar = $_COOKIE["cookie_name"];
```