0

Good day!

I have been looking for various solutions on the web but I haven't passed by a single one to solve my problem

Basically I have been making a login system with a registration feature, and everything is working well except when I try to register, it doesn't enter into the database that I have made. Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong.

Here's the database:

+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| studID   | int(11)     | NO   | PRI | NULL    | auto_increment |
| fname    | varchar(30) | NO   |     | NULL    |                |
| lname    | varchar(30) | NO   |     | NULL    |                |
| address  | varchar(80) | NO   |     | NULL    |                |
| username | varchar(20) | NO   |     | NULL    |                |
| password | varchar(20) | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+

index.html

<html>
<head>
<title>Welcome!</title>
<style>
</head>
<body>
<form name="form1" method="post" action="login.php">
<div align="center">
<p><img src="images/welcome.jpg" /></p>
  <table id="title">
    <tr>
      <td>Username:</td>
          <td><input type="text" name="username" /></td>
      </tr>
    <tr>
      <td>Password:</td>
        <td><input type="password" name="password" /></td>
      </tr>
    <tr>
      <td>&nbsp;</td>
        <td><input type="submit" name="submit" value="Log In" /></td>
      </tr>
  </table>
<p>New here? <a href="signup.php">Register!</a></p>
</div>
</form>
</body>
</html>

login.php

<?php
include("db.php");

session_start(); 

$username=($_POST['username']);
$password=($_POST['password']);

$result=mysql_query("SELECT count(*) FROM student WHERE username='$username' and password='$password'");

$count=mysql_fetch_array($result);

if($count==0){
  session_register("username");
  session_register("password");
  header("location:success.php");
} else {
  echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
  }
?>

and db.php

<?php  
    $conn = mysql_connect('localhost', 'root', 'ella');
     if (!$conn)
    {
     die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("studrecord", $conn);
?>

signup.php (it's quite long, will cut some unnecessary parts)

<html>
<head>
<title>Register</title>
</head>
<body>
<form action="index.html">
  <table id="title">
    <tr>
      <td>First Name:</td>
        <td><input type="text" name="fname" /></td>
      </tr>
    <tr>
      <td>Last Name:</td>
        <td><input type="text" name="lname" /></td>
      </tr>
    <tr>
      <td>Address:</td>
        <td><input type="text" name="address" /></td>
      </tr>
    <tr>
      <td>Username:</td>
        <td><input type="text" name="username" /></td>
      </tr>
    <tr>
      <td>Password:</td>
        <td><input type="password" name="password" /></td>
      </tr>
    <tr>
      <td>&nbsp;</td>
        <td><input type="submit" name="submit" value="Sign Up" /></td>
      </tr>
  </table>
</div>
</form>

<?php
if (isset($_POST['submit']))
    {      
    include 'db.php';

                    $fname=$_POST['fname'];
                            $lname=$_POST['lname'];                 
                    $address=$_POST['address'];
                    $username=$_POST['username'];
                    $password=$_POST['password'];

         mysql_query("INSERT INTO student(fname,lname,address,username,password) 
         VALUES ('$fname','$lname','$address','$username','$password')"); 
            }
?>
</...

Thank you in advance!

Ella Durban
  • 13
  • 1
  • 1
  • 3

4 Answers4

1

Looking at your signup.php document, it looks like your form action takes you back to the index.php page. That means the logic of the following PHP code never actually takes place. Use this:

<form action="signup.php" method="post">

instead of <form action="index.html">.

Try changing the form action to the page itself and see if you get data inserted into your table.

Some side notes:

  • As others have said here, the mysql commands are deprecated in current versions of PHP, so either mysqli or PDO would be better to use.
  • Instead of asking for 'SELECT count(*) FROM student WHERE username='$username' and password='$password', it might be better to just ask for the result rows themselves by replacing COUNT(*) with simply *. You may then use mysqli_num_rows to count the rows.

  • I hope I'm not missing anything, but I am a little confused by the logic on your index.php page. You say

    if($count==0){
    // Register a session ...
} else { 
    // Wrong password/username...
}

    where I think you mean if($count > 0), because you want a row to exist with that username/password combination.

  • If you plan on using database queries extensively in your project, I highly recommend reading the documentation on PDO and prepared statements in particular. This will allow you to largely avoid SQL injection issues and also to more easily prepare flexible queries.

Good luck in your endeavors!

  • @EllaDurban Any time. There's a great SO post about prepared statements [here](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php/60496#60496). It's still relevant, even though it was answered five years ago. –  Aug 04 '13 at 13:41
0

Try changing the count query to this. Also stay well away from mysql_* functions as they are depreciated.

<?php
include("db.php");

session_start(); 

$username=($_POST['username']);
$password=($_POST['password']);

$result=mysql_query("SELECT * FROM student WHERE username='$username' and password='$password'");

$count=mysql_num_rows($result);

if($count==0){
  session_register("username");
  session_register("password");
  header("location:success.php");
} else {
  echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
  }
?>
Ben Fortune
  • 31,623
  • 10
  • 79
  • 80
  • "Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong." – Ben Fortune Aug 04 '13 at 13:09
0

you are login with wrong password because you are not checking if exist in database , change your code to this.

change this

   $count=mysql_fetch_array($result);

 if($count==0){
 session_register("username");
 session_register("password");
 header("location:success.php");
 } else {
   echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
 }

to

     $count=mysql_num_rows($result);

 if($count > 0){
  session_register("username");
  session_register("password");
  header("location:success.php");
 } else {
   echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
 }

in your register yfile you are checking with same name of login and signup

   if (isset($_POST['submit']))
                      ^^^-------name

change the name of register input .

to this

    if (isset($_POST['register_form']))

and put it in your form.

and change your form

      <form action="index.html">

to

     <form action="signup.php" method ="POST" name="register_form">
echo_Me
  • 37,078
  • 5
  • 58
  • 78
  • Thanks, the login is working well now. I edited the register file as you said, but any of my inputs as I signup still can't be inserted into database. – Ella Durban Aug 04 '13 at 13:31
  • you just change action to `signup.php` because you was using index.html in action and like that should work everything :). wish i could help you.sorry i was not here – echo_Me Aug 04 '13 at 14:22
0

Not an awnser to your question but change 

$username=($_POST['username']);
$password=($_POST['password']);

to 

$username=mysqli_real_escape_string($_POST['username']);
$password=mysqli_real_escape_string($_POST['password']);
Amal Murali
  • 75,622
  • 18
  • 128
  • 150
Elpy
  • 272
  • 1
  • 4