0

Hello the i am having a issue whit this log in script after i log in when it has to go to the links provided it just sends me back to log in again and i don`t understand why cause when i had a search script and not links it work now, not so much . 

<html>
<head>
 <title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit']) || !isset($_SESSION['username'])){
?>

<!-- The HTML login form -->
 <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
  Username: <input type="text" name="username" /><br />
  Password: <input type="password" name="password" /><br />
 
  <input type="submit" name="submit" value="Login" />
 </form>
<?php
} else {
 require_once("db_const.php");
 $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 # check connection
 if ($mysqli->connect_errno) {
  echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
  exit();
 }
 
 $username = $_POST['username'];
 $password = $_POST['password'];
  $_SESSION['username'] = $_POST['username'];
 $sql = "SELECT * from members WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
 $result = $mysqli->query($sql);
 if (!$result->num_rows == 1) {
  echo "<p>Invalid username/password combination</p>";
 } else {
  echo "<table align=center><tr>
  <font color=#000000  face=Arial, Helvetica, sans-serif size=+2>
  <td align=center><p>Logged in successfully</p></td></tr>";
  echo "<tr><td align=center><p>welcome!</p></td></tr>";
  echo "<tr><td align=center><p>what wood you like to work whit today ". $username . "!</p></td></tr></table>";
  
  echo "<table align=center><tr><td align=center><a href=adminsearch.php>
  <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=”text-decoration:none; size=+2>Admin</a></td>";
  
  echo "<td align=center>&hArr;</td>";
  
  echo "<td align=center><a href=constructionsearch.php>
  <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=”text-decoration:none; size=+2>Construction</a></td>";
  
  echo "<td align=center>&hArr;</td>";
  
  echo "<td align=center><a href=drivingsearch.php>
  <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=”text-decoration:none; size=+2>Driving</a></td>";
  
  echo "<td align=center>&hArr;</td>";
  
  echo "<td align=center><a href=industrialsearch.php>
  <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=”text-decoration:none; size=+2>Industrial</a></td></font></table>";
  
  
}
}
?>
Remus Afrem
  • 87
  • 1
  • 1
  • 7
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jul 20 '15 at 20:43
  • You really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. – Jay Blanchard Jul 20 '15 at 20:44
  • Mr Jay thank you for letting me know about my week security but hash files ,i am steal having trouble understanding them , in the mean time can you please help me out whit this link problem please. – Remus Afrem Jul 20 '15 at 20:57

1 Answers1

0

The way your script is now, it only shows the login form if the form wasn't submitted. So when you navigate to the other links, the form wasn't submitted, so it will show the form. You need to keep track of users that have logged in, either using cookies or sessions. Add this into your code after the username/password have been confirmed:

$_SESSION['username'] = $_POST['username'];

And then instead of this:

if (!isset($_POST['submit'])){

Use this:

if (!isset($_POST['submit']) || !isset($_SESSION['username']){
Kyle
  • 1,757
  • 1
  • 12
  • 22
  • Unfortunately whatever i have added just got the hole page on refresh so i will have to build a 2 page log in one .html and one .php and i will let you know how i went thank you for your time. – Remus Afrem Jul 20 '15 at 21:20