0

I am trying to validate a user's login credentials using PHP. When a user enters a wrong password, or if user simply doesn't exist, the code redirects to a blank page with the appropriate error message.

What I want hover, is when I change my registration field to validate the credentials, it must output the error message, as well the login area. For example, when the user doesn't fill in all fields, he'll be presented with a new page, the appropriate error message, and the login area below.

I looked at my coding but i cant decipher why the registration displays my error message on an empty page, without the login area under it.

This is my login

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
$host_name = 'localhost';
$db_user ='root';
$db_pass = '';
$db_name = 'login';
/* Connect to MySQL */
 $con = mysql_connect("$host_name","$db_user","$db_pass") or die ("Couldn't connect!");
 $db = mysql_select_db("$db_name") or die ("Couldn't connect to database!");

 $query = mysql_query("SELECT * FROM users WHERE username='$username'");
 $numrows = mysql_num_rows($query);
 if ($numrows!=0)
    {
    while ($row = mysql_fetch_assoc($query))
    {
        $dbusername = $row['username'];
        $dbpassword = $row['password'];
    }
    /*Check to see if they match! */
    if ($username==$dbusername&&$password==$dbpassword)
    {
        echo "You're in! <a href='member.php'> Click</a> here to enter the member page";

    }
    else
        echo "Incorrect password";
    }
     else
        die("That user doesn't exist!");
    }
 else
    die("Please enter username and/or password!");




?>

The second code is for my registration page which displays my error message on same page

<?php
echo "<h1>Register</h1>";

if (isset($_POST['submit']))
{
/* Form data */
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));
$repeatpassword = md5(strip_tags($_POST['repeatpassword']));
$date = date("Y-m-d");
    }
if ($submit)

/*check for existance */
if ($fullname&&$username&&$password&$repeatpassword) 
{

}


else 
    echo "<font color='red'><b>Please fill in all fields!</font></b>";

?>
Jeroen
  • 15,257
  • 12
  • 59
  • 102
user3369387
  • 13
  • 1
  • 1
  • 3
  • 1
    Using user input with out prior sanitization leads to SQL injection which is bad, STOP using `mysql_*` which is deprecated and use MySQLi or PDO with prepared statement to avoid SQL injection and an old library that will lose its support. You should check if your POST data is set or not, you should not store passwords as plain text and if you're not you're not comparing equal passwords as you're not encrypting the one received, you should use session so your other pages know the user is logged in – Prix Mar 03 '14 at 00:05
  • [Here is a very simple and good example for you](http://stackoverflow.com/questions/18971570/simple-php-sql-login-troubleshooting) – Prix Mar 03 '14 at 00:06
  • My PHP is a little rusty, but if I am correct you are open to mysql injection attacks. Imagine the user enters the following username: someUsername'; DROP TABLE users; To avoid problems like these and to have some easy validation mechanism I'd recommend using some framework (or at least some library for accessing the database that sanitizes user input). A framework that I really liked some time ago was CakePHP – Vasil Dininski Mar 03 '14 at 00:09

0 Answers0