Login system PHP won't return anything

Question

I need help to fix my database. I don't understand why it doesn't returns anything. Using USBWebserver with MySql. The login file doesn't returns anything in the browser not even an error message. Please help me

<!DOCTYPE html>

<?php
mysql_connect('localhost', 'root', 'usbw');
mysql_select_db('login');

if(isset($_POST['login'])) {
  $gebruiker = mysql_real_escape_string($_POST['naam']);
  $wachtwoord = sha1(mysql_real_escape_string($_POST['password']));

  $query = mysql_query("SELECT user_id, username, userlevel
    FROM users
    WHERE username = '$gebruiker'
    AND password = '$wachtwoord' ");

  // aantal rijen uit de database halen
  $result = mysql_num_rows($query);

  // session variabele starten waaraan je data koppelt
  $sess_var = mysql_fetch_assoc($query);
  $userlevel = $sess_var['userlevel'];

  if ($result == 1){

    // sessie starten en variabelen in de sessie opnemen
    session_start();
    $_SESSION['userlevel'] = $userlevel;
    $_SESSION['gebruiker'] = $gebruiker;
    $_SESSION['wachtwoord'] = $wachtwoord;

    // userlevel controleren en vervolgens bezoeker doorsturen
    // naar de juiste pagina's voor zijn/haar rechten
    if($userlevel == 1){
      header('location:index.php');
      exit();
    } elseif($userlevel == 3) {
      header('location:index.php');
      exit();
    } else {
      header('location:index.php');
      exit();
    }
  }
  mysql_error();
?>

<html>
  <head>
    <style type="text/css">
      ul {list-style: none;}
    </style>
  </head>
  <body>

    <form method="post" action="">
    <ul>
      <li>Gebruikersnaam:</li>
      <li><input typ="text" name="naam" /></li>
      <li>Wachtwoord:</li>
      <li><input type="password" name="password" /></li>
      <li><input type="submit" name="login" value="login" /></li>
    </ul>
  </form>
</body>

If your browser doesn't show anything, 99% is due a syntax error: **check your error log**. You don't close `if(isset($_POST['login'])) {` brackets. — fusion3k, Feb 18 '16 at 18:03
Just a couple of tips 1) move the `<!DOCUMENT html>` under your php block just for looks. 2) make your code in English instead of Dutch. This is much easier as everyone will understand what happens — SuperDJ, Feb 18 '16 at 18:04
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Feb 18 '16 at 18:32
Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Feb 18 '16 at 18:32
Add error reporting to the top of your file(s) right after your opening ` — Jay Blanchard, Feb 18 '16 at 18:33
Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). — Jay Blanchard, Feb 18 '16 at 18:33
You have at least one basic syntax error. Some of these would become evident if you properly tabbed your code. — Jay Blanchard, Feb 18 '16 at 18:38

Robbert · Accepted Answer · 2016-02-18T18:52:53.690

0

If your code sample above is complete, you're missing a closing parenthesis. if(isset($_POST['login'])) { is not closed.

Also, you are outputting content to the client before starting the session. session_start must be called before anything is written for output. Move everything before the opening <?php tag to after a point where session_start(); is called.

As others have mentioned, stop using mysql_* functions. Look into mysqli or pdo.

edited Feb 18 '16 at 18:52

answered Feb 18 '16 at 18:39

Robbert

6,481
5
35
61

The session is not started until the submit button is clicked, so the form output is not hurting that ... for the moment. – Jay Blanchard Feb 18 '16 at 18:41

Login system PHP won't return anything

1 Answers1