-2

Hello, I am creating an authentication using PHP and MySQL. But unfortunately, I am not able to get the successful result I expected. Here is the source code.

```php
<?php
ob_start();
$host = "localhost";
$user = "dddddd";
$password = "";
$database = "dddddd";
$tbl_name="uuuuuu";

if(mysql_connect("$host", "$user", "$password")){
    echo"fine";
}
else {
    echo"cannot connect";
}

mysql_select_db("$database")or die("cannot select DB");

$utilisateur=$_POST['utilisateur'];
$pass=$_POST['pass'];

$utilisateur = stripslashes($utilisateur);
$pass = stripslashes($pass);
$utilisateur = mysql_real_escape_string($utilisateur);
$pass = mysql_real_escape_string($pass);

$query=mysql_query("SELECT * FROM $tbl_name WHERE utilisateur='$utilisateur' and pass='$pass'");

if($query){
    $count=mysql_num_rows($query);
    session_register("utilisateur");
    session_register("pass");
    header("location:login_success.php");
}
else {
    echo "wrong username and password";
}
?>
```

login_success.php :

```php
<?php
session_start();
if(!session_is_registered(utilisateur)){
    header("location:portail.php");
}
else{
    echo"Connexion failed";
}
?>
```

The error message: it displays the error message as below:

wrong username and password

from the if statement. Normally I need to get logged in.

  • Your query failed. You need to find out why. Check mysql_error(). – John Conde Nov 13 '14 at 15:57
  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 13 '14 at 15:58
  • [`session_register()`](http://php.net/manual/en/function.session-register.php) <= deprecated, as is `mysql_` but we won't get into that right now. Plus, your form elements are named, right? Here, [**use this, click me.**](http://php.net/manual/en/function.error-reporting.php) – Funk Forty Niner Nov 13 '14 at 15:58
  • @Fred: yes, my form is named correctly, the error exists just after the first part of the code! – Devarajan Sekaran Nov 13 '14 at 16:09
  • You are coding for highly obsolete PHP versions. mysql_*() functions are deprecated, and session_register is positively stone-age. You're also simply assuming your query is working properly. `if ($query===false) {die(mysql_error());}` will help you figure out if it is. – Marc B Nov 13 '14 at 16:10
  • As per my comment above, add error reporting (the *use this, click me* part) to the top of your file(s) right after your opening ` – Funk Forty Niner Nov 13 '14 at 16:11
  • You're also not doing anything with `$count`. Something like `if($count >0){...}` ought to do it. – Funk Forty Niner Nov 13 '14 at 16:13
  • Plus, it's not shown in your first body of code, but `session_start();` is missing. You will need to visit http://php.net/manual/en/function.session-register.php and you will see it is deprecated as of PHP 5.3.0 and REMOVED as of PHP 5.4.0 – Funk Forty Niner Nov 13 '14 at 16:24

1 Answer

0
  • As others said, do not use mysql_* functions because they are deprecated.

Anyway, now I show you the logic, what you need to do. If you get it, rewrite it to mysqli_* functions, but first understand what I do. See my comments.

```php
<?php
ob_start();
session_start();
$host = "localhost";
$user = "dddddd";
$password = "";
$database = "dddddd";
$tbl_name = "uuuuuu";

// No need for the quotes here
if (mysql_connect($host, $user, $password)) {
    echo "fine";
} else {
    echo "cannot connect";
}

// No need for the quotes here
mysql_select_db($database) or die("cannot select DB");

// No need for this block
// I will use them directly ($_POST), because we do not use them later
/*
$utilisateur = $_POST['utilisateur'];
$pass = $_POST['pass'];
$utilisateur = stripslashes($utilisateur);
$pass = stripslashes($pass);
$utilisateur = mysql_real_escape_string($utilisateur);
$pass = mysql_real_escape_string($pass);
*/

$query = mysql_query("SELECT * FROM ".$tbl_name.""
    . " WHERE utilisateur='".mysql_real_escape_string($_POST["utilisateur"])."'"
    . " AND pass='".mysql_real_escape_string($_POST["pass"])."'");

// mysql_query() returns false on failure; treat that as zero rows
$count = $query ? mysql_num_rows($query) : 0; // Count here, and count in the condition
// If connection was good, query will be a resource
if ($count) {
    $_SESSION["utilisateur"] = $_POST["utilisateur"];
    $_SESSION["pass"] = $_POST["pass"];
    header("location: login_success.php");
    die(); // Add a die() here
} else {
    echo "wrong username and password";
}
```
vaso123
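
The comments above point to prepared statements and PDO. As an added example (not code from the question or the answer), here is the same login check with a bound parameter and a hashed password. It assumes the `pass` column holds a `password_hash()` value and uses an in-memory SQLite database with one constructed user in place of MySQL; `open_db`, `seed`, `check_login` and `start_user_session` are illustrative names.

```php
<?php
// Added example, not the question's or the answer's code.
// Assumptions: `pass` holds a password_hash() value, and an in-memory SQLite
// database stands in for MySQL so this runs offline. With MySQL only the DSN
// changes, e.g. "mysql:host=localhost;dbname=dddddd;charset=utf8mb4".

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// Constructed sample data: one user, "o'brien", with a constructed password.
function seed(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE uuuuuu (utilisateur TEXT PRIMARY KEY, pass TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO uuuuuu (utilisateur, pass) VALUES (?, ?)');
    $stmt->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
}

// True only when the user exists and the password matches the stored hash.
function check_login(PDO $pdo, string $utilisateur, string $pass): bool
{
    // The table name is a fixed literal; user input is bound, never concatenated.
    $stmt = $pdo->prepare('SELECT pass FROM uuuuuu WHERE utilisateur = :u');
    $stmt->execute([':u' => $utilisateur]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($pass, $hash);
}

// In a web request, call this before any output once check_login() succeeds.
function start_user_session(string $utilisateur): void
{
    session_start();
    session_regenerate_id(true);             // fresh session id after login
    $_SESSION['utilisateur'] = $utilisateur; // keep the name only, never the password
}

$pdo = open_db();
seed($pdo);
var_dump(check_login($pdo, "o'brien", 'correct horse')); // valid credentials
var_dump(check_login($pdo, "o'brien", 'wrong'));         // wrong password
var_dump(check_login($pdo, 'nobody', 'correct horse'));  // unknown user
```

Because the user name is bound rather than concatenated, the apostrophe in the sample name needs no escaping, and a failed query raises an exception instead of falling through to the "wrong username and password" branch.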