发表新帖
发表新帖

Php Session and post problems in login page

前端 未结
关注
3 1151
甜味超标
甜味超标 2021-01-14 06:51

Ok, so we got some basic HTML here 


    Username:
相关标签:
3条回答
  • 误落风尘
    2021-01-14 07:28

    Edit: Username and password names in html are the same which are used in php, i just misstyped here.

    Edit: Ok, so you've made a typo in the form fields. You're still mixing MySQL APIs, see further down below about the mixing function using mysql_real_escape_string().

    Look at name="myusername" and your POST assignment, along with the one for your password.

    They don't match.

    Change name="myusername" to name="username"

    and name="mypassword" to name="password"

    as per

    $myusername=$_POST["username"];
$mypassword=$_POST["password"];

    Having used error reporting, would have signaled an undefined index and an headers already sent warning; see below.

    You also have spaces before <?php which would cause an output before header. Remove them.

    Plus, you're mixing MySQL APIs with mysql_error(). mysql_error() should read as mysqli_error($con) and this below:

    $myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

    which should read as

    $myusername = mysqli_real_escape_string($con,$myusername);
$mypassword = mysqli_real_escape_string($con,$mypassword);

    or 

    $myusername = mysqli_real_escape_string($con,$_POST['username']);
$mypassword = mysqli_real_escape_string($con,$_POST['password']);
    • mysqli_ and mysql_ functions do not intermix together.

    Regarding security

    I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

    I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

    Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

    Footnotes

    It is best to add exit; after each header.

    header("location:login_success.php");
exit;

    and for all headers.

    Edit:

    Remove

    $myusername=$_POST["username"];
$mypassword=$_POST["password"];
echo $myusername . "<br>";  
echo $mypassword . "<br>";

    then replace it with:

    $myusername = stripslashes($_POST["username"]);
$mypassword = stripslashes($_POST["password"]);
$myusername = mysqli_real_escape_string($con,$_POST['username']);
$mypassword = mysqli_real_escape_string($con,$_POST['password']);

    Edit #2:

    This is what I tested your code with, and got success, therefore I don't know what is wrong with your present code.

    HTML FORM

    <form action="main_login.php" method="post" style="text-align:right;">
    Username:   
    <input type="text" name="username" value="" size=20  style="display:inline-block;margin-left:10px"required>
    <br> 
    Password:  
    <input type="text" name="password" value="" size=20 style="margin-left:12px"required> 
    <br>  
    <input type="submit" value="Log In" style="margin-left:75px"=> 
</form>

    MySQL

    <?php

    $DB_HOST = 'xxx';
    $DB_USER = 'xxx';
    $DB_PASS = 'xxx';
    $DB_NAME = 'xxx';

    $conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
    if($conn->connect_errno > 0) {
      die('Connection failed [' . $conn->connect_error . ']');
    }

    $myusername = stripslashes($_POST["username"]);
    $mypassword = stripslashes($_POST["password"]);
    $myusername = mysqli_real_escape_string($conn,$_POST['username']);
    $mypassword = mysqli_real_escape_string($conn,$_POST['password']);


    echo $myusername; // echos
    echo "<br>";
    echo $mypassword; // echos


    $sql="SELECT * FROM register WHERE username='$myusername' and password='$mypassword'";
    $result=mysqli_query($conn,$sql);

    $count=mysqli_num_rows($result);

    if($count==1){
        echo "Yep";
    }
    else{
        echo "nope";
    }

    N.B.: You should also clear out your sessions (destroy sessions), there could be something on the server caching old usernames and passwords.

    Also make sure there are no spaces in your columns, that the types are correct and the lengths are long enough to hold the data. Usually VARCHAR(255) is more than enough, but is suggested when using hashed passwords generated by password_hash(), a function which you should be using when storing passwords.

    See also:

    • What is the difference between session_unset() and session_destroy() in PHP?

    on Stack.

    0 讨论(0)
  • 醉话见心
    2021-01-14 07:32

    the session problems for login page might occur because the url you are opening in the browser are not unique. for example If say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from url say http://geekzgarage.com then your session is limited to this url only. If you again open the above url like http://www.geekzgarage.com (note www. in both urls), then you will see that you are not logged in. So make sure that your webpage is opening always in single type of url. either with www. or without www.

    0 讨论(0)
  • 旧巷少年郎
    2021-01-14 07:36 
       <?php
session_start();

    First of all there is a space at the beginning.

    It should be 

    <?php session_start();
    0 讨论(0)
 看不清?
提交回复
热议问题