Why does my code always return "Wrong username and password"?

Question

Sorry if this is a frequent question but I'm stumped.

<?php
session_start();
unset($_SESSION['logerror']);

$host="localhost"; // Host name
$db_name="website_database.sqlite"; // Database name
$tbl_name="User"; // Table name

$con= sqlite_open("Website_Database.sqlite");

// username and password sent from form
$username=$_POST['Username'];
$password=$_POST['Password'];


$sql="SELECT * FROM ".$tbl_name." WHERE Username='".$username."' and Password='".$password."'";
$result= sqlite_query($con,$sql);

// Mysql_num_row is counting table row
$count= sqlite_num_rows($result);

// If result matched $username and $password, table row must be 1 row


if($count==1){

// Register username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
echo "Login Successful";
}
else {
echo "does this work nikhil";
}
?>

I am using SQLite and it is running off a USB. The file is website_database.sqlite

The table is User. The data within is Username : 000001 and Password : password

The post data coming from the previous form is this

<form action="checklogin.php" method="post">
        <div class="wrap"> <!--make a container that will have all our elements and will be the main stucture of you pages-->
            <div class="logo"></div><!--The logo container-->
            <div class="header_text">Room Booking</div><!--The main header of the fomr-->
            <div class="logins_details_container"><!--The top container-->
                <table class="fields_container"> <!--A simple 2x2 table for the form. We choose to use table as for this simple kind of stuff helps us to be everything well stuctured and putting less attributes at the css-->
                    <tr>
                        <td><span>Username</span></td>
                        <td><input class="field" id="Username" name="Username" value="" placeholder="" type="text" /></td>
                    </tr>
                    <tr>
                        <td><span>Password</span></td>
                        <td><input  class="field" id="Password" type="Password" name="Password" value="" placeholder="" /></td>
                    </tr>
                </table>
                <div class="remeber_me_container"><!--A container for the Remember me text and the checkbox-->
                    <div class="remember_me">Remember Me?</div>
                    <input  id="remeber_me" name="" value="" type="checkbox" />
                </div>
                <div class="login_btn"><!-- The login button-->
                    <input name="login_btn" value="Login" type="submit" />
                </div> 
            </div>
    <form/><!-- End of the logins_details_container -->

You are **wide open** to SQL injection attacks, and you will be hacked if you haven't been already. Please use prepared / parameterized queries to prevent this from happening. See also: [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/) — Amal Murali, Apr 18 '14 at 15:22
When in doubt, always `print_r($_POST);` to see if the username and password got `POST`ed. As Fred noted above, your password's name `attribute` is empty. If you had [enabled **error reporting**](http://stackoverflow.com/a/6575502/1438393), you'd have found this out easily. — Amal Murali, Apr 18 '14 at 15:25
*"The plot thickens"* - Glad I didn't make it an answer. Question was edited with `name="Password"` ---- *now what?* — Funk Forty Niner, Apr 18 '14 at 15:37
@user3548794: _Not to worried about SQL injections_ - Dude, NO! Just NO! — The Blue Dog, Apr 18 '14 at 15:43
@TheBlueDog I'm not aiming to learn coding in the future. This is just to get this page working. Which I still cant do. How does the print_r($_POST) work? Do I just stick it anywhere in my code? — user3548794, Apr 18 '14 at 15:44
Array ( [Username] => 000001 [login_btn] => Login ) Think I got it guys :) for some reason its using the word login from my login button? I have no clue why? — user3548794, Apr 18 '14 at 15:47
@user3548794: Well if you decide to become a car mechanic, remind me never to bring my car to you with dodgy brakes ;) — The Blue Dog, Apr 18 '14 at 15:48
@TheBlueDog If I can't fix this simple code I don't think I'll be qualified to fix a car. So I wouldn't recommend coming to me either. Have you any clue why my Login button is submitting the word login? and password isn't submitting anything? — user3548794, Apr 18 '14 at 15:53
Using your HTML code and filling the fields out with user/pass, `print_r` returns `Array ( [Username] => user [Password] => pass [login_btn] => Login )` which is what it's supposed to do. Don't worry about the button returning `Login`, that's normal. Are you actually entering a password? — The Blue Dog, Apr 18 '14 at 16:08
@TheBlueDog yeah :\ let me try running it on something other than this sandbox thingy. Ah good I was confused about the button bit. Nope it doesn't return any password for me :( — user3548794, Apr 18 '14 at 16:11
Hang on a minute, which version of PHP are you using? `session_register` was removed in PHP 5.4.0. Do you have error reporting enabled? — The Blue Dog, Apr 18 '14 at 16:17
@TheBlueDog I have no clue what PHP I am using :\ sorry. I was just given PHPonastick and told to get to it — user3548794, Apr 18 '14 at 16:27
Stick `echo phpinfo();` in a new script and call it, the version number will be in there. — The Blue Dog, Apr 18 '14 at 16:30

score 1 · Answer 1 · answered Apr 18 '14 at 15:27

1

In your form the Password input field's name attribute is empty. I suppose you would want this:

<td><input  class="field" id="Password" type="Password" name="Password" value="" placeholder="" /></td>

answered Apr 18 '14 at 15:27

gsanta

754
6
21

@Fred -ii- I only just noticed there were comments, pretty new to stackoverflow as you can tell – user3548794 Apr 18 '14 at 15:36
Welcome aboard @user3548794 – Funk Forty Niner Apr 18 '14 at 15:39

The Blue Dog · Answer 2 · 2014-04-18T18:45:49.240

I'm just posting this as a temporary answer because it's too much for a comment.

For whatever reason, your current code doesn't appear to be posting the password value, so let's try and narrow it down a bit with some really simple code. Replace all your code in checklogin.php with this and fire it up. Enter a user and pass, hit submit and let me know what the result of print_r is.

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    echo '<form action="checklogin.php" method="post">
    <input name="Username"><br>
    <input type="Password" name="Password"><br>
    <input value="Login" type="submit">
    </form>
    ';
}else{
    print_r($_POST);
}

If it returns a username and password, replace the print_r($_POST); with your other PHP code and see if the login works. Again, post the result...

The only thing I can see is a missing </div> in your HTML and the incorrect </form> closing tag. You typo'd remember_me a couple of times, too.

<form action="checklogin.php" method="post">
    <div class="wrap"> <!--make a container that will have all our elements and will be the main stucture of you pages-->
        <div class="logo"></div><!--The logo container-->
        <div class="header_text">Room Booking</div><!--The main header of the fomr-->
        <div class="logins_details_container"><!--The top container-->
            <table class="fields_container"> <!--A simple 2x2 table for the form. We choose to use table as for this simple kind of stuff helps us to be everything well stuctured and putting less attributes at the css-->
                <tr>
                    <td><span>Username</span></td>
                    <td><input class="field" id="Username" name="Username" value="" placeholder="" type="text" /></td>
                </tr>
                <tr>
                    <td><span>Password</span></td>
                    <td><input class="field" id="Password" type="Password" name="Password" value="" placeholder="" /></td>
                </tr>
            </table>
            <div class="remember_me_container"><!--A container for the Remember me text and the checkbox-->
                <div class="remember_me">Remember Me?</div>
                <input id="remember_me" name="" value="" type="checkbox" />
            </div>
            <div class="login_btn"><!-- The login button-->
                <input name="login_btn" value="Login" type="submit" />
            </div> 
        </div>
    </div><!-- THIS ONE!-->
</form><!-- NOT <form/>!-->

Yeah this one returned with all 3 values - a username a password and the login. . — user3548794, Apr 18 '14 at 18:09
Omg you magician. What did you do to make this work ! It returned all 3 values and Login succesful — user3548794, Apr 18 '14 at 18:11
I didn't actually do anything, there is obviously a mistake in your HTML somewhere, but I can't see it for looking. — The Blue Dog, Apr 18 '14 at 18:13

Why does my code always return "Wrong username and password"?

2 Answers2