Creating a login system in PHP

Question

Can someone please help me? My username is Blimeo and my password is \"password\" but when I put my credentials in, it says \"Access denied\" like I told it to. I am 100% su

Answer 1

First of all, you should start your session on the first line of the page.

You should as well update your code to use PDO statements instead of mysql functions. These are slower and mysqli prone.

Then, you need to check if the num rows returned is equal to 1 and not greater than 0. That would be a security issue, as your script can be manipulated to return more than 1 row, and then it would validate and enter the secure area.

The problem seems to me, that, your password doesn't match the db. echo the sha1 of your password and see if it matches the table.

Answer 2

UPDATE, 2016

Please only use existing login systems, which are provided out-of-the-box in nearly every PHP framework! There's absolutly no reason to write this by yourself, as user authentication is a big topic and it will take months (years) to write a serious, stable and modern login solution.

ORIGINAL TEXT, FROM 2012:

As login systems are a security issue and EVERYBODY makes the same mistakes over and over again, i can clearly say:

Take a professional script and work through the code to understand whats happening, what hashing and salting is and what problems session can have.

[removed outdating link]

Here are three projects that might be what you need:

https://github.com/panique/php-login-one-file

https://github.com/panique/php-login-minimal

https://github.com/panique/huge

Answer 3

It seems like where the script is breaking is when it's testing for the mysql_num_rows().

Right before:

if ($total > 0)
{

Perhaps try adding the following line to test and make sure that $total is indeed > 0:

echo $total;

Other than that, try testing the mysql query to make sure it'll return at least 1 row from the DB.

Answer 4

make database in mysql then run this code::

<table border="0" align="center" cellpadding="0" cellspacing="0" width="300">
<tr>
    <td>
        <form method="post" action="flogin.php">
            <table width="100%" cellpadding="7" cellspacing="0" border="0">
                <tr>
                    <td colspan="3"><center><strong>Insert Values In DataBase </strong></center><br /></td><br />
                </tr>
                <tr>
                <td width="30%">Name</td>
                <td width="10%">:</td>
                <td width="60%"><input type="text" name="name" /></td>
                </tr>
                <tr>
                <td width="30%">Last Name</td>
                <td width="10%">:</td>
                <td width="60%"><input type="text" name="lastname" /></td>
                </tr>
                <tr>
                <td width="30%">Email</td>
                <td width="10%">:</td>
                <td width="60%"><input type="text" name="email" /></td>
                </tr>
                <tr>
                <td colspan="3"><center><input type="submit" name="submit" /></center><br /></td>
                </tr>
            </table>
        </form>
    </td>
</tr>
</table>









<?php
mysql_connect("localhost", "root", "") or die("can not connect to database");
mysql_select_db("flogin")or die("can not connect");

if (isset($_POST['submit'])){
    $name=$_POST['name'];
    $lastname=$_POST['lastname'];
    $email=$_POST['email'];

    $query=mysql_query("INSERT INTO info(name, lastname, email)VALUES('$name', '$lastname', '$email')");
    if($query){
        echo "successful";
        echo "<br>";
        echo "<a href='insert.php'>Back to main page</a>";
    }
    else {
        echo "error";
    }

    }
?>
<?php
mysql_close();
?>