2

i have a form file with name form1.php

<?PHP
//form.php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
        <title>form</title>
</head>

<body>
        <?PHP if (isset ($_SESSION["notfound"])) { ?> 
                <h2 style="text-align:center">Wrong user name or password</h2>
        <?PHP unset($_SESSION["notfound"]);}
         if (isset ($_SESSION["empty"])) {?>
                <h2 style="text-align:center">Empty</h2>
        <?PHP unset($_SESSION["empty"]); }?>

    <form name="signin" action="http://localhost/M1.php" method="post">
    <table>
        <tr>
            <td>
            <label>
            Username<input type="text" name="name" size="32"/>
            </label>
            </td>
            <td>
            <label>
            Password <input type="password" name="pass" size="32"/>
            </label>
            </td>
            <td>
            <input type="submit" value="Login" />
            </td>
        </tr>
    </table>
    </form>

and controll file M1.php

<?php
$name=$_POST["name"];
$pass=$_POST["pass"];
if((!empty($name)) && (!empty($pass)))
{
    session_start();
    if($conection=mysql_connect("localhost","","")===false)
        die("not connect to data base");

    if(mysql_select_db('login',$conection) ===false)
        die("data base not found");


    $sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));

    $dbpass=mysql_query($sql);

    if ($dbpass==$pass) 
    {
        $_SESSION["authenticated"]=true;
        header("Location: http://localhost/home.php");
        exit;
    }
     else   //if ($dbpass===false)
    {
        $_SESSION["notfound"]=true;
        header("Location: http://localhost/form1.php");
        exit;
    }
}
else
{
    $_SESSION["empty"]=true;
    header("Location: http://localhost/form1.php");
    exit;
}
?>

*i am useing xampp for runing them i have data base loging which contain a table signin when i fill the form with same user name and password which i save in signin table and click submit it return me on form1.php with session 'notfoun' and when i submit empty form it return me without seting empty session *

Shijin TR
  • 7,516
  • 10
  • 55
  • 122
user3392409
  • 77
  • 1
  • 4
  • 1
    session_start(); should be at the very top of file – yantrakaar Mar 07 '14 at 11:59
  • Your db access code is wrong. The result of a `$dbpass=mysql_query($sql);` is a resource handle and not the password from the query. You now need to fetch the results that your query generated. Have a look at the manual http://uk1.php.net/mysql_fetch_row – RiggsFolly Mar 07 '14 at 12:01
  • thanks due to this empty file is also responding empty but data base is stil not accessing – user3392409 Mar 07 '14 at 12:04
  • $dbpass=mysql_query($sql); is wrong yar.. Use mysql_fetch_row() or mysql_fetch_array() – Vaisakh Pc Mar 07 '14 at 12:05

3 Answers3

1

You are not fetching data from database and you make a condition based on execute query = $pass which will be always false, so change to

$dbpass=mysql_query($sql);
$result = mysql_fetch_array($dbpass);
$passw = $result['password'];

if ($passw==$pass) 
{
  //logged

As side note i would say a couple of thing. First I notice you sanitized your input which is a good pratice, but you really should switch to prepared statments with either PDO or mysqli so you will avoid any risk of mysql injection, also because mysql_* functions are deprecated. Second saving a password in plain text in database is a very bad pratice, you should really encrypt it and save an hash of the password in database, there is anice post about that here. Further more I think that session_start(); should be placed at the top of your file to work correctly.

Community
  • 1
  • 1
Fabio
  • 23,183
  • 12
  • 55
  • 64
0

What's the error you're getting?

Anyway, how do you connect through your database? I see you have put the username and password as an empty string. You should try to put in a user/pass of an existing user:

mysql_connect syntax:

mysql_connect(host,username,password,newlink,clientflag)

example:

mysql_connect("localhost","root","")

or 

mysql_connect("localhost","root","password")
aksu
  • 5,221
  • 5
  • 24
  • 39
andregoncalves
  • 57
  • 6
  • 1
    Of course he's left them blank, or did you expect him to post his database login credentials on SO? – The Blue Dog Mar 07 '14 at 12:06
  • Lol of course not. But he didn't refer anything regarding the user and pass, so this could be a problem. – andregoncalves Mar 07 '14 at 12:12
  • i am using xampp for phpMyAdmin & the deafult username and password is empty. I try it also on wampp where fill the deafult username and deafult password & and also make the suggested changes but it still not work – user3392409 Mar 08 '14 at 10:02
0

It's firstly good time to make use of PDO or mysqli rather then using mysql which is deprecated in latest PHP version.

While passing db connection values, I feel you missed out the username & password, which should help you connect the database.

Later, mysql_query("SELECT_QUERY"); returns result object, whose values should be read by mysql_fetch_assoc() which returns the db row into associative array form.

Finally your code should look like,

$sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));

$result = mysql_query($sql);
$dbpass = mysql_fetch_assoc($result);
$dbpass = $dbpass['password'];
if ($dbpass==$pass) 
{
    $_SESSION["authenticated"]=true;
    header("Location: http://localhost/home.php");
    exit;
}
 else   //if ($dbpass===false)
{
    $_SESSION["notfound"]=true;
    header("Location: http://localhost/form1.php");
    exit;
}
rsakhale
  • 1,018
  • 13
  • 26
  • **i change my code but still it is not working and shows** _wrong username and password_ – user3392409 Mar 08 '14 at 10:09
  • Hope the code worked for you, but also start reading on *mysqli* or PDO http://in1.php.net/manual/en/mysqli.quickstart.statements.php – rsakhale Mar 09 '14 at 06:45